On 1/23/2013 4:33 PM, Jon A. wrote:
> Today, a Google Apps user sent a message with two recipients to us,
> one with TO and other a CC internal mailing list. Naturally, Google
> treated each as an independent message.
>
> Over the course of an hour or so, because Google attempted to
> deliver the messages using different outgoing hosts, postscreen
> rejected the message(s) ~20 times, with a service unavailable, as
> we'd expect and normally want.
> ...
> Comments/Thoughts/Suggestions?

I think the usual way is to use postscreen in non-blocking mode for a couple weeks to build up the temporary whitelist. The default cache time for successful after-220 tests is 30 days; that's probably sufficient for the majority. A very low volume server might need to cache longer. The DNS blocklist test will only cache for 1 hour, but that won't tempfail mail and shouldn't need to be changed.

If you want to proactively whitelist Google's servers, they publish SPF records so you don't have to spend much effort hunting them down. The postscreen access list is IP-only and can't use client or sender domain names. And you've already added a bunch of their servers to your cache.

I don't bother with trying to whitelist big senders, and I don't think many other folks do either. The big senders usually end up in the cache by themselves pretty quickly, and the once-every-30-days refresh isn't particularly intrusive. You just got caught in a situation where an important mail came through before the whitelist had a chance to populate.

> Management(TM) saw the CC'ed reply, but hadn't gotten the original message.
> This has caused some concern.

I probably repeat once a week to folks around here something like: "The mail protocol standards are heavily weighted towards not losing mail rather than instant delivery, and sometimes mail is unavoidably delayed. Much of this is outside our control. Either the delayed message will eventually arrive, or the sender will get a notice that it was not delivered."

  -- Noel Jones
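
The reply above notes that big senders publish SPF records and that the postscreen access list is IP-only. As an added example (not part of the original message), this sketch walks an SPF record tree and emits the networks as `cidr:` table lines for `postscreen_access_list`. The domain names and TXT records are constructed sample data standing in for DNS lookups, and only `ip4`, `ip6`, `include` and `redirect` are handled.

```python
import ipaddress

# Constructed SPF TXT records (documentation names and address ranges only),
# standing in for live DNS answers so the example runs offline.
SAMPLE_TXT = {
    "example.com": "v=spf1 redirect=_spf.example.com",
    "_spf.example.com": "v=spf1 include:_nb1.example.com include:_nb2.example.com ~all",
    "_nb1.example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -ip4:203.0.113.0/24 ~all",
    "_nb2.example.com": "v=spf1 ip6:2001:db8:4000::/36 include:_spf.example.com mx ~all",
}
MAX_RECORDS = 11  # start record plus the 10 lookups RFC 7208 allows


def spf_networks(domain, lookup=SAMPLE_TXT.get):
    """Collect ip4/ip6 networks that the SPF record tree of `domain` passes."""
    nets, seen, queue = set(), set(), [domain]
    while queue:
        name = queue.pop(0).lower().rstrip(".")
        if name in seen:
            continue  # include loop or repeated include
        seen.add(name)
        if len(seen) > MAX_RECORDS:
            raise ValueError("SPF lookup limit exceeded for " + domain)
        record = lookup(name) or ""
        terms = record.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # no SPF policy published under this name
        for term in terms[1:]:
            if term.lower().startswith("redirect="):
                queue.append(term.split("=", 1)[1])
                continue
            if term[0] in "-~?":
                continue  # only "pass" mechanisms describe permitted senders
            mech, _, value = term.lstrip("+").partition(":")
            if mech.lower() == "include":
                queue.append(value)
            elif mech.lower() in ("ip4", "ip6"):
                nets.add(ipaddress.ip_network(value, strict=False))
            # a, mx, exists, ptr need further DNS queries and are skipped here
    return sorted(nets, key=lambda n: (n.version, n))


def postscreen_cidr(domain, lookup=SAMPLE_TXT.get):
    """Render the networks as lines for a postscreen_access_list cidr: table."""
    return "".join(f"{net}\tpermit\n" for net in spf_networks(domain, lookup))


if __name__ == "__main__":
    print(postscreen_cidr("example.com"), end="")
```

The output would be saved to a file referenced as `postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr` and regenerated periodically, since providers change their published ranges.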
