Wietse Venema:
> Keld J_rn Simonsen:
> > > OK, here goes:
> > >
> > > 1) The server replies with "good news". Postfix replies with good news.
> > >
> > > 2) The server replies with "bad news". Postfix replies with 5xx.
> > >
> > > 3) No server reply. Postfix replies with 4xx.
> > >
> > > Is this finally clear?
> >
> > Yes, thanks. But it seems that my postfix reacts differently on
> > a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes.
NXDOMAIN is an example of case 1). SERVFAIL (not SVRFAIL) is an
example of case 3): the server is unable to provide an answer. It
is not appropriate to treat all SERVFAIL results as if the domain
is illegitimate.
If you have a problem with particular DNS servers, use
check_sender_ns_access, possibly in the form of a dynamically-updated
blacklist, or suggest a reject_rbl_xxx feature that targets the
DNS operator of the sender or client domain.
Wietse
