SMTP Replies

Below is a list of smtpf reply messages in numerical order, with a brief explination and/or a link to the documentation where the options responsible are explained in more detail.

550 5.7.1 host %s [%s] %s #120

There is a Connect: tag entry for either the client name or IP address with a right-hand-side value of REJECT. See access-map.

450 4.7.1 host %s [%s] %s #853

There is a Connect: tag entry for either the client name or IP address with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 host %s [%s] %s #854

There is a Connect: tag entry for either the client name or IP address with a right-hand-side value of IREJECT. See access-map.

550 5.7.1 host %s [%s] from RFC2606 reserved domain #121

See rfc2606-special-domains.

550 5.7.1 host %s [%s] from unknown TLD #122

See reject-unknown-tld.

550 5.7.1 host %s [%s] sender <%s> %s #125

There is a Connect:From: combo tag entry for either the client name and sender pair or client IP address and sender pair with a right-hand-side value of REJECT. See access-map.

450 4.7.1 host %s [%s] sender <%s> %s #814

There is a Connect:From: combo tag entry for either the client name and sender pair or client IP address and sender pair with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 host %s [%s] sender <%s> %s #855

There is a Connect:From: combo tag entry for either the client name and sender pair or client IP address and sender pair with a right-hand-side value of IREJECT. See access-map.

550 5.7.1 sender <%s> %s #127

There is a From: tag entry for the sender address or their domain with a right-hand-side value of REJECT. See access-map.

450 4.7.1 sender <%s> %s #815

There is a From: tag entry for the sender address or their domain with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 sender <%s> %s #856

There is a From: tag entry for the sender address or their domain with a right-hand-side value of IREJECT. See access-map.

550 5.7.1 sender <%s> from RFC2606 reserved domain #128

See rfc2606-special-domains.

550 5.7.1 sender <%s> from unknown TLD #129

See reject-unknown-tld.

550 5.7.1 routed address relaying denied #131

See reject-percent-relay.

550 5.7.1 UUCP addressing denied #132

See reject-uucp-route. smtpf currently does nothing special with UUCP paths, so disabling this option will have undefined results.

550 5.7.1 special case of at-sign in local-part denied #133

See reject-quoted-at-sign.

550 5.7.1 host %s [%s] recipient <%s> %s #135

There is a Connect:To: combo tag entry for either the client name and recipient pair or client IP address and recipient pair with a right-hand-side value of REJECT. See access-map.

450 4.7.1 host %s [%s] recipient <%s> %s #816

There is a Connect:To: combo tag entry for either the client name and recipient pair or client IP address and recipient pair with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 sender <%s> recipient <%s> %s #137

There is a From:To: combo tag entry for a sender and recipient pair with a right-hand-side value of REJECT. See access-map.

450 4.7.1 sender <%s> recipient <%s> %s #817

There is a From:To: combo tag entry for a sender and recipient pair with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 recipient <%s> %s #139

There is a To: tag entry for sender's address with a right-hand-side value of REJECT. See access-map.

450 4.7.1 recipient <%s> %s #818

There is a To: tag entry for sender's address with a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 recipient <%s> from RFC2606 reserved domain #140

See rfc2606-special-domains.

550 5.7.1 recipient <%s> from unknown TLD #141

See reject-unknown-tld.

550 5.7.1 helo %s %s #924

There is a Helo: tag entry for HELO/EHLO argument a right-hand-side value of REJECT. See access-map.

450 4.7.1 helo %s %s #925

There is a Helo: tag entry for HELO/EHLO argument a right-hand-side value of TEMPFAIL. See access-map.

550 5.7.1 helo %s %s #926

There is a Helo: tag entry for HELO/EHLO argument a right-hand-side value of IREJECT. See access-map.

550 5.7.0 message contains blocked file attachment (%s) #826

See deny-content, deny-content-type, deny-content-name, and deny-compressed-name options.

451 4.4.0 avastd address error: %s (%d) #149

451 4.4.0 avastd open error: %s (%d) #150

451 4.4.0 avastd connect error: %s (%d) #151

451 4.4.0 avastd read error: %s (%d) #153

451 4.4.0 avastd buffer overflow #154

451 4.4.0 avastd write error: %s (%d) #156

451 4.4.0 avastd read error: %s (%d) #158

451 4.4.0 avastd read error: %s (%d) #160

See avastd-socket and avastd-timeout.

550 5.7.1 %s #162

The avastd daemon found a virus or suspicious content in the message. See avastd-policy.

451 4.4.0 clamd address error: %s (%d) #178

451 4.4.0 clamd open error: %s (%d) #179

451 4.4.0 clamd connect error: %s (%d) #180

451 4.4.0 clamd buffer overflow #181

451 4.4.0 clamd write error: %s (%d) #183

451 4.4.0 clamd write error: %s (%d) #185

451 4.4.0 clamd session write error after %lu bytes #196

451 4.4.0 clamd session write error after %lu bytes #199

451 4.4.0 clamd session write error after %lu bytes #943

451 4.4.0 clamd session read error: %s (%d) #204

See clamd-socket and clamd-timeout.

451 4.4.0 unexpected clamd result: %s #206

The clamd daemon returned an unexpected result. This may be due to unexpected changes in the clamd protocol between program updates or data corruption over the network (assuming clamd runs on a different machine).

550 5.7.1 %s #208

The clamd daemon found a virus or suspicious content in the message. See clamd-policy.

%d %d.7.0 %s #224

The CLI child process standard output and standard error are used for specifying a multiline response. See cli-content and cli-envelope.

550 5.7.1 recipient <%s> expired #244

550 5.7.1 recipient <%s> invalid #245

221 2.0.0 %s closing connection #247

The connected client sent an SMTP QUIT command. The server will now close the connection.

500 5.5.1 %s command unknown #248

An unknown command was sent.

501 5.5.2 %s missing argument #249

The specified command requires one or more arguments.

502 5.5.1 %s not implemented #250

The given command is specified in a known RFC, but not supported.

503 5.5.1 %s out of sequence #251

The specified command was sent out of order with respect to other commands expected before this command. For example HELO or EHLO must be issued and accepted before the first MAIL FROM:; a successful MAIL FROM: must be sent before any RCPT TO: commands; and there must be at least one successful RCPT TO: before the DATA command will be accepted. See RFC 2821 for details. Other SMTP command extensions may impose similar sequence restrictions, such as AUTH (RFC 2554) after EHLO and before MAIL FROM:.

550 5.7.1 client %s [%s] is schizophrenic #252

The client has sent HELO or EHLO more than once with different arguments each time.

502 5.5.1 EHLO not supported #253

When the smtp-enable-esmtp option is off, we force the client to down grade to the older HELO command per RFC 2821.

250-Hello %s [%s] #254

550 5.7.1 client %s [%s] is schizophrenic #255

The client has sent HELO or EHLO more than once with different arguments each time.

250 Hello %s [%s] #256

501 5.5.1 AUTH cancelled #259

501 5.5.1 AUTH cancelled #264

502 5.5.1 AUTH not supported #827

See smtp-auth-enable documentation.

503 5.5.1 already authenticated #267

RFC 2554 states that once a client successfully authenticates, additional AUTH commands are rejected.

504 5.5.4 unknown AUTH mechanism #269

smtpf only supports AUTH PLAIN and AUTH LOGIN mechanisms.

235 2.0.0 authenticated #274

The client has successfully authenticated and their messages will be queued by the local route. See route-map documentation.

535 5.7.0 authentication failed #275

458 4.4.0 unable to queue messages for %s #276

SMTP ETRN commands are sent to the local route, which is responsible for queuing. See route-map documentation.

%s #277

After an SMTP ETRN command, this is the response relayed from the one of local route servers.

553 5.5.2 rejected sender %s %s #279

The SMTP MAIL FROM: address could not be correctly parsed according to the strict application of one or more RFC 2821 grammar rules. See rfc2821-line-length, rfc2821-local-length, rfc2821-domain-length, rfc2821-literal-plus, rfc2821-strict-dot.

450 4.7.1 more than one sender <%s> domain per session; domain=%s #944

501 5.5.2 syntax error #280

The RFC 2821 grammar for the MAIL FROM: command does not allow for white space between the FROM: and the <address> argument. When they appear it is typically a virus or spamware sign. See rfc2821-extra-spaces.

%d %d.1.0 sender <%s> denied #282

The forward host rejected or temporarily failed the sender.

250 2.1.0 sender <%s> accepted #283

553 5.5.2 rejected recipient %s %s #284

The SMTP RCPT TO: address could not be correctly parsed according to the strict application of one or more RFC 2821 grammar rules. See rfc2821-line-length, rfc2821-local-length, rfc2821-domain-length, rfc2821-literal-plus, rfc2821-strict-dot.

501 5.5.2 syntax error #285

The RFC 2821 grammar for the RCPT TO: command does not allow for white space between the TO: and the <address> argument. When they appear it is typically a virus or spamware sign. See rfc2821-extra-spaces.

550 5.7.1 null recipient invalid #286

The SMTP client specified RCPT TO:<>

451 4.0.0 cannot forward mail for <%s> at this time #287

550 5.7.1 recipient <%s> relaying denied #288

The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.

250 2.1.5 recipient <%s> accepted #290

550 5.7.1 recipient <%s> unknown #292

A call-ahead to a down stream host rejected the recipient. See route-map about RCPT: attribute.

550 5.7.1 recipient <%s> relaying denied #293

The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.

451 4.0.0 cannot forward mail for <%s> at this time #295

We are responsible for this domain, but had a connection error with the forward host.

550 5.7.1 recipient <%s> relaying denied #296

The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.

250 2.1.5 recipient <%s> accepted #297

%s #299

See relay-reply option. The whole reply from the forward host is relayed to the client.

%srecipient <%s> denied #300

See relay-reply option. Only the reply codes from the forward host are relayed to the client with a standardise reason.

554 5.7.0 transaction failed #306

While forwarding a message for a single recipient, the forward host rejected the message.

451 4.4.0 transaction aborted #307

While forwarding a message for a single recipient, the forward host returned a temporary failure of the message.

554 5.5.2 content line too long (%ld); RFC 2821 section 4.5.3.1 #321

See rfc2821-line-length.

550 5.7.1 missing of end-of-header line #927

550 5.7.0 this message blocked for unspecified reasons #945

501 5.5.4 %s requires restart #323

Some options cannot be changed during runtime. Modify the /etc/smtpf/smtpf.cf options file, then restart the smtpf process.

214 2.0.0 killing session %s #324

550 5.0.0 session %s killed #325

214 2.0.0 killing session %s #324

550 5.0.0 session %s killed #325

504 5.5.4 session %s not found #326

The session given to KILL was not found. It probably terminated before this command was entered or there is a typo in the session ID given.

501 5.5.4 invalid argument %s #928

421 4.7.1 client %s [%s] too many concurrent connections, max=%ld #329

See the access-map concerning the Concurrent-Connect: tag.

451 4.4.0 ctasd session write error after %lu bytes #950

451 4.4.0 ctasd session write error after %lu bytes #953

550 5.7.1 %s #960

451 4.7.1 message %s cannot be delivered at this time #961

The ctasd daemon found a virus or suspicious content in the message. See ctasd-policy.

550 5.7.0 message contains blocked MIME part (%s) #870

550 5.3.4 duplicate message rejected #340

550 5.7.1 DSN or MDN in response to an old message #357

See the emew-ttl option.

550 5.7.1 DSN or MDN for message that did not originate here #358

See the emew-secret and emew-dsn-policy options.

421 4.4.0 client %s [%s] unknown #363

The Four21 module is experimental and is only present at select test sites. See four21-unknown-ip option.

This is a RFC 2821 conformance test. Check if the connecting client IP that has never been seen before. If it has not, then 421 the connection and observe if they send a clean QUIT (as specified in RFC 2821), pipeline, or disconnect. If the latter two occur, then the IP is auto-blacklisted.

554 5.4.0 client %s [%s] "No soup for you!" #364

The Four21 module is experimental and only present at select test sites. This response (a reference to the Sienfeld Soup Nazi episode) is the reply given if the client IP failed the 421 test and was subsequently auto-blacklisted. See four21-unknown-ip option.

451 4.4.0 fpscand address error: %s (%d) #367

451 4.4.0 fpscand open error: %s (%d) #368

451 4.4.0 fpscand connect error: %s (%d) #369

451 4.4.0 fpscand buffer overflow #370

451 4.4.0 fpscand write error: %s (%d) #372

451 4.4.0 fpscand read error: %s (%d) #373

See fpscand-socket and fpscand-timeout.

550 5.7.1 %s #376

The fpscand daemon found a virus or suspicious content in the message. See fpscand-policy.

550 5.7.0 client %s [%s] sender <%s> must be sent from %s #921

550 5.7.1 %s [%s] failed grey listing #388

421 4.4.5 client %s [%s] connections %ld exceed %ld/60s #522

See the access-map concerning the Rate-Connect: tag.

421 4.4.3 PTR record lookup error for [%s] #415

554 5.7.1 reject [%s] missing PTR record #416

See client-is-mx and client-ptr-required options.

550 5.7.1 reject IP in client name %s [%s] (1) #418

See client-is-mx and client-ip-in-ptr options.

501 5.5.4 invalid HELO %s #423

The HELO or EHLO argument contains include characters in the string. The set of valid characters are alpha-numerics, hyphen, underscore, square brackets, and dot. There is no option to turn this test off.

550 5.7.0 HELO %s does not match client %s [%s] #424

See helo-ip-mismatch option.

550 5.7.0 HELO %s from RFC2606 reserved domain #427

See rfc2606-special-domains option.

550 5.7.0 HELO %s argument must be a FQDN or IP-domain literal #428

See rfc2821-strict-helo option.

550 5.7.0 %s [%s] claims to be us "%s" #430

See helo-claims-us option.

550 5.7.0 HELO %s equivalent to client IP-in-PTR #432

See helo-is-ptr option.

553 5.1.8 sender <%s> from %s has no MX record #434

See mail-require-mx option.

451 4.4.3 sender <%s> from %s MX lookup error #436

See mail-require-mx option.

553 5.1.8 sender <%s> from %s MX invalid #439

The MX list gathered from DNS is pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning.

451 4.1.8 sender <%s> from %s MX lookup error #907

The MX list gather from DNS had one or more A/AAAA records that returned a SERVFAIL result. See mail-require-mx option.

550 5.7.1 too many recipients for DSN or MDN #441

See one-rcpt-per-null option.

553 5.1.8 sender <%s> from %s has no MX record #443

See mail-require-mx option.

553 5.1.8 sender <%s> from %s MX invalid #445

The MX list gathered from DNS is pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning.

451 4.4.3 sender <%s> from %s MX lookup error #447

See mail-require-mx option.

550 5.7.1 reject [%s] missing PTR record (2) #449

See client-is-mx and client-ptr-required options.

550 5.7.1 reject IP in client name %s [%s] (2) #450

See client-is-mx and client-ip-in-ptr options.

550 5.7.1 too many recipients for DSN or MDN #452

See one-rcpt-per-null option.

554 5.6.0 message headers must be US-ASCII, found 0x%.2X; RFC 2822 section 2.2 #456

See rfc2822-7bit-headers option.

Date:", ID_ARG(sess));

See rfc2822-strict-date option.

Message-ID:", ID_ARG(sess));

See rfc2822-min-headers option. The Message-ID is not correctly formatted according to RFC 2822 grammar.

Received:", ID_ARG(sess));

Resent-Date:", ID_ARG(sess));

See rfc2822-strict-date option.

554 5.6.0 missing RFC 2822 required headers #462

See rfc2822-min-headers option.

451 4.7.1 %s has exceeded %ld message%s per %ld %s%s #475

See the access-map concerning the Msg-Limit-Connect:, Msg-Limit-From:, Msg-Limit-To: tags.

451 4.4.2 internal network error for %s #481

An error occurred while sending an SMTP command to a forward host.

451 4.4.2 internal network error for %s #485

An error occurred while reading an SMTP reply from a forward host.

451 4.4.4 no answer from %s MX #488

While attempting to perfom a call-back, there was no answer from any of the MX servers tried. See call-back option.

553 5.4.4 %s does not exist #489

451 4.4.3 %s MX lookup error #491

While attempting to perfom a call-back, there was an error looking up the MX records of the sender's domain. See call-back option.

550 5.4.4 no acceptable MX for %s #493

While attempting to perfom a call-back, the MX list gathered from DNS was pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning. See call-back option.

550 5.7.1 null-sender messages %ld for <%s> exceed %ld/60s #505

See the access-map concerning the Null-Rate-To: tag.

The access-map lookups are failing possible because of incorrect local databased file permissions; or in the case of a socketmap, the socketmap daemon has stopped. Connections are temporarily turned away.

421 4.4.5 client %s [%s] connections %ld exceed %ld/60s #522

See the access-map concerning the Rate-Connect: tag.

550 5.7.0 %s [%s] black listed by %s #525

550 5.7.0 IP [%s] in header black listed by %s #873

250 2.0.0 OK #547

Generic response that indicates the command was accepted.

214 2.0.0 end #548

Generic end of a multiline response.

250 2.0.0 proceed #507

There is is a delayed rejection/drop response that will be reported when the RCPT TO: is sent. See smtp-delay-checks.

421 4.3.2 service temporarily unavailable #966

421 4.3.0 internal server error #549

451 4.3.0 internal server error #550

421 4.3.2 system resources exceeded #551

Some serious condition such as out-of-memory, no more disk space, or similar resource related issue has occured. The connected client will be dropped as it is not possible to proceed until the condition has been resolved by the destination postmaster.

451 4.7.0 try again later #552

This is a generic response, typicall issued by grey-listing during the grey-temp-fail-period, however other tests such as SIQ support may also issue this response.

450 4.4.5 try again later #553

This is an alternate response issued by grey-content after the grey-temp-fail-period when the hashed message content does not match previously saved message hash.

250 2.0.0 message %s accepted #554

The message transaction has reached the final dot to end the message and was accepted for delivery.

550 5.7.1 message %s rejected #555

The message transaction has reached the final dot to end the message and was NOT accepted for delivery.

%d %d.7.0 sender <%s> verification failed #572

A call-back to the sender's MX failed to validate their address. See call-back option.

451 4.4.0 savdid address error: %s (%d) #832

451 4.4.0 savdid open error: %s (%d) #833

451 4.4.0 savdid connect error: %s (%d) #834

451 4.4.0 savdid read error: %s (%d) #836

451 4.4.0 savdid write error: %s (%d) #837

451 4.4.0 savdid read error: %s (%d) #839

See savdid-socket and savdid-timeout.

451 4.4.0 savdid read error: %s (%d) #841

See savdid-socket and savdid-timeout.

451 4.4.0 savdid buffer overflow #842

451 4.4.0 savdid write error: %s (%d) #844

550 5.7.1 %s #847

The savdid daemon found a virus or suspicious content in the message. See savdid-policy.

550 5.7.1 message rejected, SIQ score %d too low #617

See siq-score-reject option.

501 5.5.4 <%s> SIZE exceeds RFC 1870 max. length #903

552 5.3.4 <%s> (%lu bytes) exceeded max. message size of %lu bytes #901

550 5.3.4 %s [%s] (%lu bytes) exceeded max. message size of %lu bytes #625

See the access-map concerning the Length-Connect:, Length-From:, Length-To: tags.

550 5.3.3 pipelining not allowed #643

See the access-map concerning the Connect: tag.

sess, SMTPF_CONTINUE, "220 %s %sSMTP #632

A stripped down single line welcome banner sent to only localhost, LAN, and relays.

SMTPF_CONTINUE, "220%c%s %sSMTP %s #633

The first line of possible a multiline welcome banner.

500 5.5.2 RFC 2821 max. command line length exceeded (%ld) #640

See rfc2821-command-length.

500 5.5.2 %s [%s] sent non-printable characters in SMTP command #641

SMTP commands and their arguments can only consist of printable ASCII characters.

550 5.3.3 pipelining not allowed #643

See the access-map concerning the Connect: tag.

550 5.7.1 %s #666

See spamd-score-reject option.

550 5.7.1 message was already marked as spam by sender #678

See spamd-reject-sender-marked-spam and spamd-score-reject options.

550 5.7.1 message was already marked as spam by sender #679

See spamd-sender-marked-spam option.

550 5.7.1 %s #693

See spamd-score-reject option.

%s HELO %s from %s [%s] SPF result %s; %s #701

See spf-helo-policy option.

%s sender <%s> via %s (%s [%s]) SPF result %s; %s #702

See spf-mail-policy option.

550 5.7.1 recipient <%s> black listed #886

A time-limited recipient has expired and was rejected. See time-limit-delimiters.

URI host %s in non-existant domain #740

URI domain %s where NS %s contains IP %s in name #741

See uri-ip-in-ns and uri-bl-policy options.

URI domain %s where NS %s in non-existant domain #743

See uri-ns-nxdomain and uri-bl-policy options.

URI domain %s lookup timeout #744

See uri-reject-on-timeout and uri-bl-policy options.

URI domain %s does not exist (%s) #745

See uri-reject-unknown and uri-bl-policy options.

URI host %s contains IP %s in %s #746

See uri-ip-in-name and uri-bl-policy options.

URL host %s is missing a PTR #748

See uri-require-ptr and uri-bl-policy options.

black listed %s by %s #762

See ns-bl, uri-bl, uri-dns-bl, and uri-bl-policy options.

550 5.7.1 rejected mail address, <%s> black listed by %s #940

URI %s %s #763

See the access-map concerning the Body: tag.

host is an IP in URL %s #765

See uri-require-domain and uri-bl-policy options.

broken URL "%s": %s #766

See uri-links-policy option.

URI per message limit exceeded #781

See uri-max-limit option.

550 5.7.1 rejected URI NS, %s #894

450 4.7.1 URI %s SOA lookup error #919

URI %s invalid SOA (%d) #973

550 5.7.1 rejected content, %s #895

550 5.7.1 rejected client %s [%s], %s #790

See uri-bl-ptr option.

550 5.7.1 rejected PTR NS, %s #790

550 5.7.1 rejected HELO, %s #792

See uri-bl-helo option.

550 5.7.1 rejected MAIL FROM, %s #794

See uri-bl-mail option.

550 5.7.1 rejected MAIL NS, %s #900

- TOP -

Copyright 2006, 2010 by SnertSoft. All rights reserved.
BarricadeMX trademark & patents pending.