Re: Postfix on fake MX

From: Andras Galos (galosanetinform.hu)
Date: Tue Feb 12 2008 - 19:03:17 CST


Wietse Venema wrote:
> Andras Galos:
>> Wietse Venema wrote:
>>> Andras Galos:
>>>> Wietse Venema wrote:
>>>>> And what evidence do you have that hanging up without reply would
>>>>> result in different remote SMTP client behavior than sending a 421
>>>>> reply and hanging up?
>>>> I'm rather afraid of. 421 means try again, while hangup says this is a
>>>> bad MX, try another one.
>>> That is not evidence of actual client behavior. That's speculation.
>> Yes it is. Can I reject everybody with 4xx on the fake MX? No sender
>> will see this error message, but the one from the primary MX in case of
>> any error report, delay report, or so? It could be something like "421
>> MX unavailable" or similar, but this message should not appear in
>> senders' mailboxes in any case. I'm afraid it's an 'answer' that the
>> client receives and this is something that could be misunderstood by the
>> client. While a hangup is not an 'answer'. There is no need for an answer at
>> all on a fake MX. The answer is an unnecessary point of failure here.
>> If you really say 4xx, I'll do that.
>
> If the primary MX hangs up after RCPT, many SMTP implementations
> will connect to a backup MX host, but not all.
>
> For example, qmail, and Postfix versions before 2.1 do not switch
> to an alternate MTA after they have already established an SMTP
> session. Instead they queue the mail and try again later.
>
> The change in Postfix was implemented primarily by keeping the
> intricate SMTP engine unchanged, and by delaying the handling of
> non-permanent errors. This has resulted in a somewhat unusual
> architecture.

Then it seems there is no safe way to filter mail on a fake MX after the
connection was established, after the RCPT. A fake MX should be fake, no
connections at all. I have to say goodbye to those many spam that knock
on the wrong door, do I? :(

Best regards,
Andras Galos