[milters] Archive

Lists Index Date Thread Search

Article: 85
From: Adam Gibson
Date: 2004-09-23 11:01:40 -0400
Subject: Re: milter-sender 'not answering' response

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Anthony Howe wrote:
> Grey-listing only kicks in when the call-back test results in an 
> inconclusive answer: both an intended false address and the test address 
> return 250 responses for the RCPT command - yahoo.com is a good example 
> of this, so too are many secondary MXes that blindly accept anything for 
> their domains.
> 
> If all the MXes, primary and secondary, upto MxCallBackMaxAttempts for a 
> domain fail to answer, then they are assumed bogus and the message is 
> rejected with "not answering".

That explains what I am seeing.  Unfortunately a few important emails 
are getting rejected because of that.  AOL's server 
(newman.oscar.aol.com) finally started accepting connections today for 
remind@newman.oscar.aol.com so grey-listing is kicking in now, but it 
seems to retry 5 times really quick when sending the emails(within 3 
seconds) and then give up so grey-listing wont help there anyway.  I 
will just have to monitor the logs looking for false positives to add to 
the access db.

> 
> 
>>constantly give the response of 'not answering' from automated 
>>systems(incoming mail from automated aol password reset requests, 
>>entrust cert renewal reponses, etc).  The mail servers try to resend it 
>>later but we still give the same response.
> 
> 
> If you haven't already, add SPF records for your domain. AOL has many 
> multi-homed MXes and one or more of them usually answers. AOL may  be 
> rejecting the call-back based on lack of an SPF record. This is not certain.

I do not think the SPF records are the issue.  The email in question is 
remind@newman.oscar.aol.com which does not have any MX records and the 
host itself was not responding to connections yesterday.  The email 
address is sent by aol for password reset requests and not a general 
@aol.com email address.

I am still waiting to see what becomes a standard before trying to 
implement SPF.  Last time I looked at that there were issues when users 
have to send email through their ISPs.

Thanks for the response.  That clears things up for me.

Lists Index Date Thread Search