Article: 1659
From: Anthony Howe
Date: 2007-08-27 11:53:03 -0400
Subject: Re: Milter for delaying email to a blocking ISP.

Jim Hermann - UUN Hostmaster wrote:
> The blocking ISP uses response code 554 Service Unavailable, which my
> sendmail interprets as a Permanent Error and bounces the email.  It does not
> queue the message until later.  Here are the transcripts:
>    ----- Transcript of session follows -----
> ... while talking to mailin-02.mx.aol.com.:
> >>> DATA
> <<< 554-:  (RLY:CS4) http://postmaster.info.aol.com/errors/554rlycs4.html
> 554 5.0.0 Service unavailable

Are you using milter-ahead for outbound mail? There is NO point in doing 
call-ahead for outbound mail. milter-ahead was designed for mail gateways 
*receiving* mail to call-ahead to *internal* mail stores or customer 
machines during the SMTP session before accepting a message.

Calling ahead to MXes outside your control or client base is pointless. 
In the above case calling-ahead to AOL.com will probably get you 
blacklisted, because they will see the call-ahead as a dictionary attack.

Outbound mail from your network should be white listed through 
milter-ahead at the very least in access.db (be sure to enable the 
access-db option as it is off by default) or be using SMTP AUTH, which 
white lists also.

Similarly for comcast below you should NOT be performing a call-ahead 
for outbound mail.

Also correctly setting up SPF records for your domains and outbound mail 
hosts helps to some degree with AOL, Gmail, and probably others.

>    ----- Transcript of session follows -----
> ... while talking to gateway-r2.comcast.net.:
> >>> MAIL From:<xxx@xxx> SIZE=2222
> <<< 550 blocked by ldap:ou=rblmx,dc=comcast,dc=net -> BL003
> Blocked for spam. Please see
> http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18627
> 554 5.0.0 Service unavailable
> I was hoping to get milter-ahead to delay the email until later.

No. A 5xy class response is a permanent rejection. If they had said 421 
or simply not answered, that would have been a temporary failure and 
would result in the message being either deferred at the sender's MTA or 
accepted and queued when backup-mx is set.

However, these DSNs would indicate to me that you are using milter-ahead 
incorrectly to call-ahead to the Internet at large for outbound mail and 
thus getting blacklisted.

I would recommend joining AOL's Feedback Loop service and likewise for 
Comcast if they have one.

Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
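
The reply-class rule from the message above (5xy is permanent, 421 is temporary), as an added example that is not part of the original post or of milter-ahead: a small parser that reads sendmail DSN transcripts like the two quoted and reports, per remote host, which command was refused and whether the sending MTA bounces or defers. The function names are hypothetical, and treating lines without the `<<<` prefix as the local MTA's own summary is an assumption.

```python
import re

# Constructed sample: the two DSN transcripts quoted in the thread, with the
# mail quoting removed (sender address redacted as on the page).
SAMPLE = """\
... while talking to mailin-02.mx.aol.com.:
>>> DATA
<<< 554-:  (RLY:CS4) http://postmaster.info.aol.com/errors/554rlycs4.html
554 5.0.0 Service unavailable
... while talking to gateway-r2.comcast.net.:
>>> MAIL From:<xxx@xxx> SIZE=2222
<<< 550 blocked by ldap:ou=rblmx,dc=comcast,dc=net -> BL003
554 5.0.0 Service unavailable
"""

HOST = re.compile(r"^\.\.\. while talking to (\S+?)\.?:$")
# Three-digit code, then "-" (more lines follow) or " " (last line), then text.
REPLY = re.compile(r"^<<< (\d{3})([ -])(.*)$")

def classify(code):
    """Map an SMTP reply code to what the sending MTA does with the message."""
    return {"2": "accepted", "4": "defer", "5": "bounce"}.get(code[0], "unknown")

def parse_transcript(text):
    """Return one dict per remote host: the refused command, the remote
    reply code, and the resulting action (hypothetical helper)."""
    results, current = [], None
    for line in text.splitlines():
        m = HOST.match(line)
        if m:
            current = {"host": m.group(1), "command": None,
                       "code": None, "action": None}
            results.append(current)
            continue
        if current is None:
            continue
        if line.startswith(">>> "):
            # Command our MTA sent just before the remote side answered.
            current["command"] = line[4:].split()[0].upper()
            continue
        m = REPLY.match(line)
        if m:
            # Only "<<<" lines come from the remote MX (assumption: lines
            # without the prefix are the local MTA's summary and are skipped).
            current["code"] = m.group(1)
            current["action"] = classify(m.group(1))
    return results

if __name__ == "__main__":
    for r in parse_transcript(SAMPLE):
        print(r["host"], r["command"], r["code"], r["action"])
```
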

