Solved

mail greylisting and SMTP status codes

Posted on 2011-03-16
Last Modified: 2013-12-18
Hi Experts
I have a forwarding mailserver inside my office (sendmail) which does some virus check on outgoing mail.
All goes fine except with a particular domain, which always rejects my mails. I spoke with the maintainer of that domain and he says his mailserver is rejecting mails because it is doing greylisting.
But mails are rejected with errors like 5xx which I know are permanent failures.
I assert that his mailserver should return an error like 4xx for greylisting.
He replies that my mailserver is misconfigured and should keep retrying after the first 5xx error.
Who's right and who's wrong?
And, if I'm wrong, can someone point out how to configure sendmail to retry sending after the first 5xx error?
Question by:lomo74
4 Comments
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 35152565
According to this source:
http://www.ietf.org/rfc/rfc0821.txt
Chapter 4.4.2:
2xx is OK
3xx is INFO
4xx is Temporary problems (i.e. retry later)
5xx is Final status (don't try again).

So a 4xx status (452 is a primary candidate, insufficient disk space...) is a definite status that needs to be used.
If a 5xx message is returned it really means no retry SHOULD EVER be attempted... (It sure is a way to lose mail..., but it's more blacklisting than greylisting though).

Also this is a reference:
http://en.wikipedia.org/wiki/Callback_verification (search for greylisting somewhere halfway).
 
LVL 8

Author Comment

by:lomo74
ID: 35197125
Ok noci thank you.
I had a look at the various RFCs and that shed some light on the problem.
Now, one more little question before closing this Q.
The receiver is, obviously, badly configured. But if I use e.g. gmail SMTP server, emails are delivered.
Does this mean, in your opinion, that gmail itself is violating RFC, in an effort to deliver mail to buggy SMTP servers?
 
LVL 40

Assisted Solution

by:noci
noci earned 500 total points
ID: 35197487
If google still retries after a 5xx status then it's their design decision. It does fit in a philosophy that follows: Be strict in what you send/respond but be liberal in what you expect.... I for one do like to be more strict w.r.t. RFCs. If I get advice to stop bothering (like 5xx) I will adhere.

Of course you are free to interpret return codes differently, but the RFC implied action is what you need to expect from other implementations.
So expecting a retry after a 5xx does violate the earlier philosophy but still retrying after proper timeout more or less does.
That certainly doesn't mean that google should be taken as the reference of how it SHOULD be done...

There are more corner cases w.r.t. RFC's and Microsoft, amongst others, is famous for exploiting such interpretation gaps (embrace & extend) effectively blocking proper interoperation.

Also various outfits disregard the timeouts associated with SMTP. The first retry should be after 1 hour, but many sites do retry after a few minutes...
Also a clear violation and greylisting really does expect that timeouts should be observed. (Too early retransmit should be penalised in greylisting with a newly set timeout).
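The behaviour discussed in the answers above, as an added example that is not part of the original thread: a minimal greylisting check that defers with a 4xx reply and restarts the wait on a too-early retry, next to a sender that treats 5xx as final. The 300-second delay, the reply texts and the addresses are constructed assumptions.

```python
import time

DEFER_4XX = "451 4.7.1 Greylisted, try again later"   # constructed reply text
ACCEPT = "250 2.0.0 OK"

class Greylist:
    """Receiver side: defer unknown (client IP, sender, recipient) triplets."""

    def __init__(self, delay=300, defer_reply=DEFER_4XX):
        self.delay = delay              # assumed minimum wait in seconds
        self.defer_reply = defer_reply
        self.timer_start = {}           # triplet -> start of current waiting period
        self.passed = set()             # triplets that already retried correctly

    def check(self, ip, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        triplet = (ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return ACCEPT
        started = self.timer_start.get(triplet)
        if started is not None and now - started >= self.delay:
            self.passed.add(triplet)
            return ACCEPT
        # First contact, or a retry that came too early: (re)start the timer.
        self.timer_start[triplet] = now
        return self.defer_reply

def sender_action(reply):
    """Sender side: act on the first digit of the reply code only."""
    return {"2": "delivered", "3": "continue",
            "4": "retry-later", "5": "bounce"}[reply[0]]

def deliver(greylist, attempt_times,
            triplet=("192.0.2.10", "a@example.org", "b@example.net")):
    """Replay the sender's attempts; return (final state, attempts used)."""
    used = 0
    for t in attempt_times:
        used += 1
        action = sender_action(greylist.check(*triplet, now=t))
        if action in ("delivered", "bounce"):
            return action, used
    return "still-queued", used

if __name__ == "__main__":
    print(deliver(Greylist(), [0, 60, 400]))   # early retry at 60 s restarts the wait
    print(deliver(Greylist(defer_reply="550 5.7.1 Greylisted"), [0, 400]))
```

With a 5xx deferral the conforming sender bounces on the first attempt and never reaches the retry that greylisting relies on.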
 
LVL 8

Author Comment

by:lomo74
ID: 35200480
Oh thank you noci. I much appreciate your opinion. Unfortunately there is plenty of buggy and badly configured software out there.
So now I must convince this person that he is wrong and that he'd better review his config --
No more opinions needed, RFC says it all - closing Q.