Subject: Re: reject_unknown_sender_domain - still relevant?
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Sun Feb 06 2000 - 16:26:24 CST


On 6 February 2000, Greg Stark <gsstarkmit.edu> wrote:
> jseymourjimsun.LinxNet.com (Jim Seymour) writes:
>
> > In message <20000206212029.A6527tirad.internal.iphil.net>,
> > dated Sun, 6 Feb 2000 21:20:29 +0800,
> > "Miguel A.L. Paraz" <mapiphil.net> wrote regarding the subject
> > "reject_unknown_sender_domain - still relevant?":
> > >
> > > Hi all,
> > >
> > > I note that the vast majority of "Domain not found:" messages due
> > > to 'reject_unknown_sender_domain' are from misconfigured sender
> > > mail systems, or misspellings in user MTA's.
> >
> > Then, IMO, they should fix them. I see no particularly good reason
> > to cripple my MTA for the purpose of encouraging their incompetence.
>
> Is this a transient error or a permanent error? If it's a permanent
> error then I suggest your system is broken. It means that if your DNS
> server goes down or if there's a major internet partition and you
> can't reach the outside world then you'll reject all incoming mail
> with permanent errors.
>
> A transient error does make sense here. In fact one suggested
> anti-spam mechanism was to give transient error messages for all
> messages and cache the envelope information. Then accept it the second
> time through. This is on the theory that spammers generally don't ever
> retry whereas real mail will.

    From the RELEASE_NOTES file:

: Major changes with postfix-19991231:
[...]
: - It is now relatively safe to configure 550 status codes for the
: main.cf unknown_address_reject_code or unknown_client_reject_code
: parameters. The SMTP server now always sends a 450 (try again) reply
: code when an UCE restriction fails due to a soft DNS error, regardless
: of what main.cf specifies.

    This change was added to help people fight against certain
Microsoft-spawned MTAs that, after receiving a 450 return code, happily
tried to resend the message every few seconds, until the logs filled the
disk or you firewalled their IP, whichever came first.

    On a related topic however, I was one of the happy few to witness
spammers sending hundreds of messages after receiving a 550 code,
presumably because the 550 came before the RCPT TO (this was back in the
days when Postfix didn't delay the UCE checks till the RCPT TO stage).
As Wietse put it, life happens --- but my conclusion was you can't
assume spam-oriented MTAs retry less often than "normal" clients.

    Regards,

    Liviu Daia

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
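
Added example, not part of the original message and not Postfix code: a log check for the two behaviours described above, clients that retry within seconds of a 450 and clients that keep sending after a 550. The log lines are constructed and only loosely modelled on Postfix smtpd reject lines; the hosts, addresses, the year and the thresholds (5 rejects within 60 seconds) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

YEAR = 2000  # assumption: syslog timestamps carry no year
REJECT = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
                    r"(?:NOQUEUE: )?reject: RCPT from \S+\[(?P<ip>[\d.]+)\]: "
                    r"(?P<code>[45]\d\d) ")

def sample_log():
    """Constructed input, loosely modelled on Postfix smtpd reject lines."""
    fmt = ("Feb  6 16:{:02d}:{:02d} mx postfix/smtpd[411]: reject: RCPT from "
           "{}[{}]: {} <user@nodns.example>: Sender address rejected: "
           "Domain not found")
    # Client that retries every 5 seconds after a 450.
    events = [(0, s, "mta.example.net", "192.0.2.10", 450) for s in range(0, 30, 5)]
    # Client that backs off between retries, as a well-behaved MTA does.
    events += [(m, 0, "mail.example.org", "198.51.100.7", 450) for m in (0, 15, 45)]
    # Client that keeps sending after a 550.
    events += [(20, s, "unknown", "203.0.113.9", 550) for s in range(0, 16, 2)]
    return "\n".join(fmt.format(*e) for e in events)

def max_burst(times, window):
    """Largest number of events inside any span of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def find_hammering(log, window=60, threshold=5):
    """Map (client ip, reply class) -> burst size, for bursts >= threshold."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = REJECT.match(line)
        if m:
            when = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["ip"], m["code"][0] + "xx"].append(when)
    return {key: n for key, times in seen.items()
            if (n := max_burst(times, window)) >= threshold}

if __name__ == "__main__":
    for (ip, cls), n in find_hammering(sample_log()).items():
        print(f"{ip}: {n} {cls} rejects within 60 s")
```

Keeping 4xx and 5xx bursts separate shows whether a client is ignoring a temporary or a permanent rejection, which matters when deciding between rate limiting and blocking.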