[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNS error after: RCPT TO



  Digging my older unanswered questions..
(Which usually take me a moment to think before I can answer, but often
 just get buried too deep :-( )

On Fri, Oct 20, 2000 at 05:52:00PM -0500, Enrique Vadillo wrote:
> Hi all,
> 
> I'm using ZMailer Server 2.99.50-s18 and i have found that it has a different
> behaviour regarding RCPT TO analisis, when it receives a RCPT TO line
> with a nonvalid target domain, it issues the message:
> 
> 250 2.1.0 Sender syntax Ok
> rcpt to: <john@sdfdsgr4325432ddddewrgewrgtrew.com>
> 553 5.4.3 Policy analysis found DNS error on the target domain.
> 
> This is not something that we would like to happen, since we all know
> that DNS outages are very likely to take place temporarily and complains
> to this immediate error message are being received ever since we upgraded
> from 2.99.50-s5 to 2.99.50-s18

    I still am not quite sure what the status of that facility was
    way back then.   

    At some point I introduced policy control flag:
	#define P_A_TrustRecipients     20
    (See  include/policy.h  for these flag defines.)

    Placing following attribute into your active [0.0.0.0]/0
    entry will cause all kinds of recipients to be accepted,
    no matter what:

	trustrecipients +

    Hmm..  The likely gotcha of relaying control ...
    ... yeah, BAD ADVICE that one. DO NOT USE IT AT THE DEFAULT!

    Place that pair to those addresses/networks you want to allow
    to relay thru you, that is to   $MAILVAR/db/smtp-policy.relay
    file.

    Also you might want to change two things in the  policy-builder.sh
    script:
	- Disable (remove) the integrated spam-list pickup from over
	  the network.
	- Change all AWK print statements from:
		printf "%s = _full_rights %s %s %s %s...\n", $1, $2, ...
	  into
		printf "%s = _full_rights\n", $0;
    That way you can enter as many (and what kind of you want)
    attributes to the input files after the key fields.

> Is there any way i can decide to accept ANY recipient and analize it
> afterwards? not giving up the (presumably) invalid target domain 
> right away?

    Yes, but be really carefull, or you end up opening the system for
    all open relaying -- which with current wide internet with abusive
    users is not something you really want...

> Thanks,
> Enrique-
>  Enrique Vadillo <vadillo@rcp.net.pe>                http://www.rcp.net.pe
-- 
/Matti Aarnio	<mea@nic.funet.fi>