[nSLUG] Whither to bounce unknown recipient address?
billdavidson at eastlink.ca
Thu Aug 30 20:34:39 ADT 2007
Sure, your DNS setup is reliable, but it doesn't cache all of the DNS tree,
and there are lots of zones out there for which an authoritative server
might not be available for some reason. The point is, SMTP is supposed to
work in the face of DNS failures, and that is why rejects based on such
lookup failures are usually 4xx "Try again later".
Earlier you wrote:
> the change I was considering would be a
> significant change as it would mean someone sending
> in email with a typo of the user address gets no response,
> as if it had delivered.
I disagree. If the mail is legit then it is relayed through the sender's
MTA, and if you reject their mail as undeliverable, which you should, then
*their* MTA will notify them that their mail could not be delivered because
your server said "550 User unknown".
Of course, in my experience, the user will then insist that there is
*nothing* wrong with the address they used and your mail server is wrong!
----- Original Message -----
From: "D G Teed" <donald.teed at gmail.com>
To: "Nova Scotia Linux User Group" <nslug at nslug.ns.ca>
Sent: Thursday, August 30, 2007 3:33 PM
Subject: Re: [nSLUG] Whither to bounce unknown recipient address?
> The DNS checks are reliable. My DNS server has as much
> chance of breaking as postfix, and it uses a local machine
> server, so it is all in one boat. Anyway, given what I saw
> today coming from bot nets in Korea, Turkey and Russia, I suspect
> DNS rejects are just another backscatter method.
> I think the best solution will be to change the bounce template
> so that minimal content goes back.
> On 8/30/07, Ian Campbell <ian at slu.ms> wrote:
>> On Thu, Aug 30, 2007 at 03:14:32PM -0300, D G Teed wrote:
>> > Thanks for the tips. We've got amavisd+SA, RBL+,
>> > clamav, reject from reverse DNS failure and
>> > many more configurations to defeat spammers.
>> > SPF and DKIM are on my to do list.
>> Be careful with permanent rejections based on DNS checks. If your DNS
>> breaks, you might be losing mail.
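Added example, not part of the thread and not Postfix code: a small simulation of the two points argued above, that a reject caused by a DNS lookup failure should be 4xx so the sender's MTA retries, and that an unknown recipient rejected with 550 at SMTP time is reported to the author by their own MTA. The outage length, retry schedule, reply texts and function names are constructed assumptions.

```python
# Constructed scenario: the receiving site's resolver is broken for the first
# 90 minutes. The connecting client's reverse DNS is actually fine.
DNS_OUTAGE_ENDS_MIN = 90
RETRY_SCHEDULE_MIN = [0, 15, 60, 120, 240]  # hypothetical sender retry times


def reverse_dns(now_min):
    """Result of the receiver's reverse lookup: 'ok' or 'tempfail'."""
    return "tempfail" if now_min < DNS_OUTAGE_ENDS_MIN else "ok"


def receiver_reply(dns_result, recipient_known, hard_fail_on_lookup_error):
    """SMTP reply the receiving MTA gives at RCPT TO (texts are constructed)."""
    if dns_result == "tempfail":
        if hard_fail_on_lookup_error:
            # Risky policy: a local DNS problem becomes a permanent reject.
            return 554, "Client host rejected"
        # Lookup failure is not proof of anything: ask the sender to retry.
        return 450, "DNS lookup failed, try again later"
    if not recipient_known:
        # Reject during the SMTP dialogue; no bounce message is generated here,
        # so there is nothing to send to a forged envelope sender.
        return 550, "User unknown"
    return 250, "Ok"


def send(recipient_known, hard_fail_on_lookup_error):
    """Sender's MTA: retry on 4xx, report failure to the author on 5xx."""
    for now in RETRY_SCHEDULE_MIN:
        code, _text = receiver_reply(
            reverse_dns(now), recipient_known, hard_fail_on_lookup_error
        )
        if code == 250:
            return ("delivered", now, code)
        if 500 <= code < 600:
            return ("bounced", now, code)  # sender's own MTA notifies the author
    return ("expired", RETRY_SCHEDULE_MIN[-1], 450)


if __name__ == "__main__":
    print("5xx on lookup failure:", send(True, True))
    print("4xx on lookup failure:", send(True, False))
    print("typo in recipient:    ", send(False, False))
```
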