On 08/02/13 11:27, Robert Schetterer wrote:
On 08.02.2013 10:42, Angel L. Mateo wrote:
On 08/02/13 10:02, Robert Schetterer wrote:
On 08.02.2013 09:29, Angel L. Mateo wrote:
Hello,

      I have list servers that send mail through other relay servers.
With this configuration all mail sent from our mail servers is
delivered through our relay servers. All servers use postfix (list
servers use 2.7.0 and relay 2.5.5)

      We are having problems with dns lookups to one domain. I know it is
not a postfix problem, but a dns configuration error in that domain. But it
is affecting our servers.

      The problem is that whenever the relay server receives a mail
directed to that domain, I get the error "conversation with <mail
server> timed out while sending MAIL FROM". And as the list server groups
messages, all recipients in that group are rejected.

as a workaround you can use a dedicated transport for that domain

      I've been looking into the problem on that domain and it is a timeout
problem. Due to some problem in its configuration, I never have an
answer (the domain exists, but it doesn't answer).

what does not answer, their mailserver, your dns?

     Their DNS doesn't respond. If I query it manually with dig, I get a
timeout with no answer.

     The problem I'm having is that my relay server has

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_recipient_access hash:/etc/postfix/verified_recipient_checks,
        check_policy_service inet:127.0.0.1:10031,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_maps,
        permit

     and it is timing out in reject_unknown_recipient_domain. As the
server doesn't have any answer, the smtp connections from my list servers
are completely timing out.

     I guess it would be better behaviour if in this situation my relay
server could return a 450 for this domain (at least, with this behaviour
my list server could try with other recipients of the message)

this should be the default, unless you didn't change or override it

reject_unknown_recipient_domain
     Reject the request when Postfix is not final destination for the
recipient domain, and the RCPT TO domain has 1) no DNS A or MX record or
2) a malformed MX record such as a record with a zero-length MX hostname
(Postfix version 2.3 and later).
     The unknown_address_reject_code parameter specifies the numerical
response code for rejected requests (default: 450). The response is
always 450 in case of a temporary DNS error.

I know this. It is normally working fine. My problem with this domain is that it is not being rejected. postfix just times out.


you should invest more time in analysing the real problem,
i.e. some routing problems may cause it

     Solving the problem with this particular domain (which is not mine),
solves my problem now, but not future similar problems. So I think it
would be better to avoid the situation.


as far as I remember all dns checks have a tmp failure code
by default, sometimes it makes sense to change some of them globally, this
is kind of a design question, however you may construct bypasses with
smtpd_restriction_classes too, depending on e.g. some ip address etc

http://www.postfix.org/RESTRICTION_CLASS_README.html

in your case, the question seems to be at what server and at what point you
want to react with what error on dns rejects

I want my relay server to reject the mail (at reject_unknown_recipient_domain option with the corresponding reject code) not to time out.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
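
Added example, not part of the original thread: the dedicated-transport workaround mentioned above, sketched for the list server. The domain slow-dns.example, the relay name relay.example.net and the service name slowdns are placeholders. Postfix groups recipients per transport and next hop, so recipients in the affected domain reach the relay in their own SMTP transaction and a timeout there no longer fails the other recipients of the same list message.

```conf
# --- /etc/postfix/main.cf (list server) ---
# Comments must be on their own lines; Postfix does not support
# trailing comments after a value.

# Assumed existing setting: everything is handed to the relay.
relayhost = [relay.example.net]

# Per-domain overrides; transport_maps takes precedence over relayhost.
transport_maps = hash:/etc/postfix/transport


# --- /etc/postfix/transport (list server) ---
# Send the problem domain through its own transport, still to the same
# relay. A different transport name means a separate delivery request.
slow-dns.example        slowdns:[relay.example.net]


# --- /etc/postfix/master.cf (list server) ---
# A second instance of the smtp client under the hypothetical name
# "slowdns". Copy the chroot column from your existing "smtp" entry.
# maxproc=2 keeps stuck deliveries from occupying many client processes.
#
# service type  private unpriv  chroot  wakeup  maxproc command
slowdns   unix  -       -       n       -       2       smtp


# --- apply ---
# postmap /etc/postfix/transport
# postfix reload
```

This only isolates the affected recipients on the list server; the relay still waits on the unresponsive DNS for that one transaction.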
