Keld Jørn Simonsen a écrit : > On Tue, Jul 14, 2009 at 12:24:10AM +0200, Keld Jørn Simonsen wrote: >> Well, still problems, but of the more understandable type. >> >> Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from >> rap.rap.dk[127.0.0.1]: 450 4.1.8 <jets...@server30.reverya.com>: Sender >> address rejected: Domain not found; from=<jets...@server30.reverya.com> >> to=<k...@localhost> proto=ESMTP helo=<rap.rap.dk> Jul 14 00:11:58 rap >> postfix/smtpd[1054]: > rap.rap.dk[127.0.0.1]: 450 >> 4.1.8 <jets...@server30.reverya.com>: Sender address rejected: Domain not >> found >> >> >> host server30.reverya.com gives: >> Host server30.reverya.com not found: 2(SERVFAIL) >> >> So this would probably never resolve, but fail with a 450 error. >> I would like to discard it. I had 3 mails like that earlier today, >> with a nonresolvable domain, and they will keep lying in my IMAP box >> till I do special things to delete them. >> >> Is there a way to disambiguate between DNS timeouts and DNS errors, >> and discard the latter? > > I did have in main.cf: > > unknown_address_reject_code = 550 > > Now I also have: > > reject_tempfail_action = discard > > Still postfix respond with a 450 to fetchmail: > > Jul 14 18:52:43 rap postfix/smtpd[17637]: NOQUEUE: reject: RCPT from > rap.rap.dk[127.0.0.1]: 450 4.1.8 <jets...@server30.reverya.com>: Sender > address rejected : Domain not found; from=<jets...@server30.reverya.com> > to=<k...@localhost> proto=ESMTP helo=<rap.rap.dk> >
the client is 127.0.0.1, why do you reject/defer mail from localhost? are you using a transparent proxy in front of postfix? if not, you should not reject mail as it has already been accepted by your server. your only choice is to discard, quarantine or deliver. otherwise, you'll be a backscatter source. and if you had the real IP, you would have other means of blocking the junk. something is borked in your setup. > I now have 6 of such email in my IMAP folder. > can you show the headers? (feel free to hide private infos, but do so coherently). > I noticed anther thing: another of my domain not found emails really > times out. sys...@doremo.jp - And then I don't understand why this is > not a SERVFAIL. This happens repededly. And acces to the .jp domain > should be readily available, and then the .jp root server should be able > to tell if it did have any info in the second level domain. > But then .jp has sectoral domains on the 2nd level, like ac.jp and > or.jo. An arbitrary abdjd.jp yields a NXDOMAIN, The query times out > after 30 secs. > > So in my humble eyes it seems like a DNS timeout is actually a timeout > on the authoriative server, and that SERVFAIL is not at timeout, and it > does not reflect a timeout at the authoritative server. Consequently it > should be handled by the unknown_address_reject_code statement. > nah. the domain is unknown if its DNS server SAYS that the domain does not exist. in this case, there is NO ERROR. If you ask my whether I have seen Joe in the crime scene, then "yes" is positive, "no" is negative, and anything else (such as me running away or shooting you with a gun) is nor positive nor negative. > Hmm, also tried to do > > reject_tempfail_action = accept > > To get the mail thru, and hope that razor/spamassassin would kill them, > eventually I would had to delete it by hand. > > But still I get the 450 response code from postfix... > > Any ideas on how to get rid of the 450 code, or other actions?
