Arrgh, fix your malconfigured mailservers!
I started my day reading the statistics mail from my new testmail server. Bad move.
I’ve been butting my head against various errors all days. Including some I introduced myself (think I fixed it now, but it took a reboot afterwards).
But I’ll explain the worst one, that has me so frustrated.
When I first set up the server, the deferred queue filled up right away. I found some problems and fixed them. But there’s one I can’t fix:
450 address @domain.net: User unknown in local recipient table (in reply to RCPT TO command))
(I had to remove some brackets here. WP doesn’t like them)
I get this from a server I relay mail to regularly, and from various servers I send mail to now and then.
450 is a temporary error. And when you use 450 for a situation that’s never going to be resolved, the result is that the sending server can’t get rid of the mails until the end of the queue lifetime. The mail will just keep being resent, meeting the same error code and message each time.
The correct way to do this is this line:
said: 550 address @domain.net: Recipient address rejected: User unknown in relay recipient table
So for everybody who maintains a mail server, PLEASE double check that you don’t use a 450 for this use.
I mean, it’s OK if you do it when you first set the machine up, while you’re testing the configuration. But after that it’s a definite no no!!!!
December 16th, 2005 at 4:07 pm
I’m sorry, but I have to disagree with you. Not being able to find a user is far from a permanent failure. There are two common cases, less common is that the user account hasn’t been created yet (new hire), but more importantly, the user database may not be available or may be undergoing some sort of maintenance. Just because Right Now, the user isn’t known, it doesn’t mean that Real Soon Now it won’t be.
But, far more importantly, if you give up a 5xx error on a non-existent user, you may as well turn on VRFY because it becomes nearly the same thing!
CLD
P.S. I do love your site and read your blog often. Keep up the good work.
December 17th, 2005 at 4:14 am
I tried what you said. As long as VRFY is turned off, it doesn’t answer in a way that would give a spammer any clue.
And mine is set to give a 550 for non-existent users.
I’ve seen boxes that consistently give 450 answers, when the database is available. I won’t tell you every variable present in one case, but I can tell you for sure that it’s a malconfiguration.
December 17th, 2005 at 7:43 am
By giving out 550’s for non-existent addresses, you are informing the remote system which addresses are valid and therefore saving the spammer a ton of time. The amount of legitimate mail which remains in a spool due to incorrect addressing is tiny compared to the hassle it creates for the spammer who must either discard every 4xx or spool them properly and thereby cause exponential increase in the resources needed to deliver email.
A 550 is as good as a VRFY to someone running a dictionary against your MX. It tells the other side exactly what addresses are valid (those that are accepted) and those that are invalid (those that generate a 550). A proper mail spool will handle tens of thousands of pending deliveries, but a spammer is generally unwilling to do so because they have millions of deliveries to make.
None of that changes the fact that I believe a non-existent user is truly a temporary failure, at least at the SMTP level–the user may not exist at that moment in time, but may come into existence later.
I can understand your frustration at having a large queue, but that’s what queues are for. Eventually the mail goes away. It always goes away.
CLD
December 17th, 2005 at 11:40 am
I’m a big fan of :
550 Too many spammers on yuor network. Go away.
550 is a wonderful response.