[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DNS error after: RCPT TO
Digging my older unanswered questions..
(Which usually take me a moment to think before I can answer, but often
just get buried too deep :-( )
On Fri, Oct 20, 2000 at 05:52:00PM -0500, Enrique Vadillo wrote:
> Hi all,
>
> I'm using ZMailer Server 2.99.50-s18 and i have found that it has a different
> behaviour regarding RCPT TO analisis, when it receives a RCPT TO line
> with a nonvalid target domain, it issues the message:
>
> 250 2.1.0 Sender syntax Ok
> rcpt to: <john@sdfdsgr4325432ddddewrgewrgtrew.com>
> 553 5.4.3 Policy analysis found DNS error on the target domain.
>
> This is not something that we would like to happen, since we all know
> that DNS outages are very likely to take place temporarily and complains
> to this immediate error message are being received ever since we upgraded
> from 2.99.50-s5 to 2.99.50-s18
I still am not quite sure what the status of that facility was
way back then.
At some point I introduced policy control flag:
#define P_A_TrustRecipients 20
(See include/policy.h for these flag defines.)
Placing following attribute into your active [0.0.0.0]/0
entry will cause all kinds of recipients to be accepted,
no matter what:
trustrecipients +
Hmm.. The likely gotcha of relaying control ...
... yeah, BAD ADVICE that one. DO NOT USE IT AT THE DEFAULT!
Place that pair to those addresses/networks you want to allow
to relay thru you, that is to $MAILVAR/db/smtp-policy.relay
file.
Also you might want to change two things in the policy-builder.sh
script:
- Disable (remove) the integrated spam-list pickup from over
the network.
- Change all AWK print statements from:
printf "%s = _full_rights %s %s %s %s...\n", $1, $2, ...
into
printf "%s = _full_rights\n", $0;
That way you can enter as many (and what kind of you want)
attributes to the input files after the key fields.
> Is there any way i can decide to accept ANY recipient and analize it
> afterwards? not giving up the (presumably) invalid target domain
> right away?
Yes, but be really carefull, or you end up opening the system for
all open relaying -- which with current wide internet with abusive
users is not something you really want...
> Thanks,
> Enrique-
> Enrique Vadillo <vadillo@rcp.net.pe> http://www.rcp.net.pe
--
/Matti Aarnio <mea@nic.funet.fi>