On Thu, Sep 07, 2000 at 05:48:17AM -0400, Raul Miller wrote:
> On Thu, Sep 07, 2000 at 06:09:31PM +1100, Craig Sanders wrote:
> > it's simple - if you want a service that's worth having, you
> > pay whatever it costs. if you don't want that, then pay for a
> > cheap/crappy service and put up with it without whining.
>
> Eh?

it means exactly what it says. if you pay for garbage, don't be
surprised when you get garbage. which is not to say that a good service
always costs more - it means that if you subscribe to a crappy service
solely because it's cheap then you've only got yourself to blame when
that crappy service causes you problems.

> > (that said, i don't believe that missing reverse DNS is a good
> > reason for bouncing mail. a "450 try again later" response is more
> > appropriate, to cope with temporary dns outages. bouncing mail from
> > nonexistent domains, however, is a different story - it's almost
> > certainly spam and there's no point in accepting a message which
> > doesn't have a valid reply address so just bounce it)
>
> Ouch.  I think debian developers should have a better understanding of
> DNS.
>
> [1] A mail domain does not have to have a valid IP address.

yes, i know.

i said NON-EXISTENT domain - i.e. no NS record, no MX record, no A records,
no records of any kind.

actually, i distinguish between domains which have no existence at all,
and those where an NS record exists but none of the nameservers are
responding.

for the former, my MTA bounces the message (with a 550 reject code).
an example is [EMAIL PROTECTED] - i.e. spam from a nonexistent
randomly-generated address.

for the latter, my MTA uses a 450 "temporary failure, try again later"
code. if they fix their DNS problem before their queue expiry time, then
my system will eventually accept it. if not, then their system will
bounce it after 5 days (or however long they've got it configured for).

still, this is something to watch for in the logs because some broken
NT mailers don't do exponential back-off (or any kind of back off at
all). instead of increasing the delay between subsequent attempts, they
will immediately attempt another delivery. when i see this happen, i
put in an explicit rule to either reject or bounce the incoming message
(depending on what the logs say - really obvious spam gets bounced,
anything else gets accepted).

most (if not all) unix MTAs are capable of doing this kind of domain
check these days.

> As a default, if you use a mail domain for which there's no mail
> exchange, the default is to look for a host address with that name.
> But that's just the default.

yes, i know.

i've been working with internet mail systems and dns for over 7 years.

> [2] A PTR record does not have to contain *any* information whatsoever.
> 
> Imagine the mail client at 1.2.3.4 initiates an smtp session with
> your system.  Your mail server performs a PTR lookup and gets back
> 4.3.2.1.in-addr.arpa.  It then performs an A lookup and finds that
> 4.3.2.1.in-addr.arpa has the address 1.2.3.4.  What have you learned?

nothing, of course.

i think you misread what i said. i said that missing or incorrect
reverse DNS is *NOT* a good reason for bouncing mail.

craig

--
craig sanders
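
The sender-domain policy and the log check described in the message above, sketched as an added example that is not part of the original message and not any MTA's own code. The function names, DNS status labels, the 60-second gap threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from enum import Enum

class Dns(Enum):
    NXDOMAIN = "nxdomain"   # no records of any kind for the domain
    SERVFAIL = "servfail"   # NS records exist but no nameserver answered
    OK = "ok"               # domain resolves

def sender_domain_reply(lookup, domain):
    """Map the DNS outcome for the envelope sender's domain to an SMTP code."""
    status = lookup(domain)
    if status is Dns.NXDOMAIN:
        return 550   # permanent: there is no valid reply address
    if status is Dns.SERVFAIL:
        return 450   # temporary: the sender's queue retries until DNS is fixed
    return 250

def no_backoff_clients(events, min_gap=60, min_retries=3):
    """Return clients that retried after a 450 at least min_retries times
    with every gap shorter than min_gap seconds (no back-off at all).
    events: iterable of (unix_time, client_ip, smtp_code)."""
    times = defaultdict(list)
    for ts, client, code in events:
        if code == 450:
            times[client].append(ts)
    flagged = []
    for client, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) >= min_retries and all(g < min_gap for g in gaps):
            flagged.append(client)
    return sorted(flagged)

# Constructed sample data (hypothetical, not from the original message).
SAMPLE_DNS = {"example.com": Dns.OK, "broken-ns.example": Dns.SERVFAIL}

def sample_lookup(domain):
    # Anything not listed is treated as a domain with no existence at all.
    return SAMPLE_DNS.get(domain, Dns.NXDOMAIN)

SAMPLE_LOG = [
    (1000, "192.0.2.10", 450), (1002, "192.0.2.10", 450),
    (1003, "192.0.2.10", 450), (1005, "192.0.2.10", 450),
    (1000, "198.51.100.7", 450), (1900, "198.51.100.7", 450),
    (3700, "198.51.100.7", 450), (7300, "198.51.100.7", 450),
]
```

Clients returned by `no_backoff_clients` are the candidates for the explicit per-sender rule the message describes.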

