Re: [qmailtoaster] Re: Updated more info>>[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

[Tonix (Antonio Nati)]

Il 01/09/2011 00:15, Eric Shubert ha scritto:
On 08/31/2011 02:46 PM, Tim Pleiman wrote:
Is that this tcp.smtp rule?
SENDER_NOCHECK="1"

It's possible that I may have dealt with this before on a different 
server
and have simply forgotten. I implemented the above setting on another
system due to some other similar issue as I recall. I'm thinking that 
the
above disables a bunch of different MX checks by CHKUSER, possibly
including this one.

However, is this the more specific rule?

CHKUSER_RCPT_MX="0"

I think so. Tonino (the chkuser author, who hangs around here 
occasionally) can say for sure.

As said in other email, DNS is only one of things clients do not manage. 
Also full mailboxes or not existing (local) recipients can make problems.

I think the question should be:

MX: chkuser full on
ACCEPTING/RELAYING SERVER: chkuser off (except submission port feature - 
version 2.0.9)



I can't seem to find a list over at interazioni.it for all the tcp.smtp
rule settings.

I'm not quite clear on that either. They're not tcp.smtp rule settings 
so much as they are simply environment variables. They can be set in 
other places (think run file) as well, although that would be more 
global, and not IP specific as the tcp.smtp settings can be.

Tonino, can you clarify this please?

Exactly Eric, this are (usually) server behaviours, so should go in run 
commands (unless you are going to write them for any IP inside 
TCP.SMTP). Of course they can also be used for some senders IP, but I 
feel it a rare case.

Regards,

Tonino


These servers are all at CHKUSER 2.0.8, so I'm thinking I should be able
to turn this off then in tcp.smtp provided I choose the right rule
setting.

Yes.

However, in 2.0.8, according to interazioni.it, the "CHKUSER_RCPT_MX"
setting is undefined which should mean that it's off by default, 
correct?
So, that's confusing me as to why the check is happening at all.

It is off by default for chkuser, but it's on by default with QMT. 
Jake felt it was better to keep things consistent with previous QMT 
behavior. However, I think Jake created a version (I have 
qmail-toaster-1.03-1.3.21) which has CHKUSER_SENDER_MX turned off by 
default. The CHKUSER_RCPT_MX setting is still enabled though. See 
/var/qmail/doc/chkuser_settings.h file for settings that are in effect 
for your QMT.

Ideas?

Jake will likely clarify.

Thanks,
Tim


On Wed, August 31, 2011 3:42 pm, Eric Shubert wrote:
I believe that the default chkuser settings will be used in QMTv2.
According to
http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html 

the MX checks are now off by default. I believe that they can be turned
on with an environment variable set in the tcp.smtp or run file if
desired, so no rebuilding will be needed.

On 08/31/2011 12:19 PM, Tim Pleiman wrote:
Here's the troublesome feature:

CHKUSER_RCPTMX_TMP_STRING     2.0.7     defined     "451 DNS 
temporary failure
(#4.5.1 - chkuser)\r\n"
String emitted if there is a soft DNS error on recipient domain.

---------------------------- Original Message
----------------------------
Subject: [qmailtoaster] 451 DNS Temporary Failure: Issue that 
should be
addressed in  CHKUSER
From:    "Tim Pleiman"<tplei...@bravosystemstech.net>
Date:    Wed, August 31, 2011 2:00 pm
To:      qmailtoaster-list@qmailtoaster.com
-------------------------------------------------------------------------- 


Eric,

Over the last couple of years working with qmailtoaster, I've come to
both
love and hate this particular CHKUSER check.

I keep copies of all the messages from the qmt list, and searching for
the
string "451 DNS Temporary Problem," it seems to me that people have 
many
problems with it that could be addressed with some simple fixes to the
CHKUSR code--e.g. more detailed error responses from CHKUSER that 
better
define the nature of the problem.

Unlike the posts I've read over the last year or so, I'm not having 
any
trouble with my caching nameserver, DJBDNS. It's working properly, has
always been working properly. I love DJBDNS. However, here's the 
problem
that I have with this particular CHKUSER check:

When a sender tries to send a message to a single 
"u...@domain.com," if
the domain MX is unresolveable in DNS as follows:

2011-08-31 12:56:25.144555500 servfail nc-mail.nchicago.org.
input/output
error

CHKUSR will return the "451 DNS Temporary Failure" error indicative of
the
issue. In this case today, the above particular domain has no MX 
record
for it's e-mail--their problem, not mine.

So, this immediately prevents queuing of messages in QMail that cannot
currently be delivered immediately to that one particular domain. This
is
a good thing as it alerts the sender that the message cannot be
delivered
now--e.g. QMail is not going to queue the message now because it would
just sit there, either waiting for the MX to become available or, 
if it
does not, bouncing the message after the queuelifetime expires.

Now, aside from the fact that the average person doesn't know what 
this
means, I can deal with it, albeit it is not ideal (the average
user-sender
does not know what the heck "451 DNS Temporary Failure" is).

However, when sending out a multi-recipient message, this is when the
issue gets really dicey. CHKUSR stubbornly refuses to queue the 
message
at
all for any of the recipients, even the ones that have valid MXes, 
as it
simply also returns the "451 DNS Temporary Failure" error with no 
other
information at all.

What this means is that the sender of the multi-recipient message 
has to
figure out on his/her own which e-mail domain can currently not 
accept a
delivery. The only way to determine this is to send the message to 
each
of
the recipients individually until you hit the one with the
invalid/unavailable MX.

Now, I think the ultimate resolution of this issue would be for 
CHKUSER
to
be updated to provide better error responses on this particular check.
For
single-recipient messages, it should respond with something like "451
DNS
temporary failure: mail server for domain 'somedomain.com' is 
currently
unavailable." In the case of multi-recipient messages, it should go
ahead
and queue the message for the valid domains, while returning a similar
error for the MX domain(s) that is not available.

Meanwhile, from what I can tell from the list archives, there is
currently
no way to disable this CHKUSER check entirely without manually
recompiling
CHKUSER.

If there is already a simple fix/adjustment for this, let me know (and
I'll apologize in advance for missing this). Otherwise, it would be
great
in future QMT releases to have this CHKUSER check disabled entirely,
pending an adjustment to CHKUSER, as it results in lots of puzzled 
user
inquiries. With this disabled, such messages would go into the 
queue for
QMail to bounce on its own. I understand that the feature also alerts
admins to their own DNS server issues as well. However, those 
should be
issues that server admins can resolve on their own anyway. It's the
user-related problems that this check causes that, to me, are most
troublesome.

Thanks!
Tim


--
-Eric 'shubes'


--------------------------------------------------------------------------------- 

Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
     Vickers Consulting Group offers Qmailtoaster support and
installations.
       If you need professional help with your setup, contact them 
today!
--------------------------------------------------------------------------------- 

      Please visit qmailtoaster.com for the latest news, updates, and
packages.

       To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
      For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com









--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      to...@interazioni.it
------------------------------------------------------------


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
    
     To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com