From: Scott H. <tal...@ne...> - 2010-01-22 06:38:23
On Jan 21, 2010, at 8:56 PM, James Moe wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/21/10 04:57 pm, Scott Haneda wrote:
>>
>>> If both ASSP and our local mail server (CommuniGate Pro) are both
>>> capable of multiple connections, why would an MTA have to fall back to the
>>> secondary?
>>>
>>> ASSP v1.4.3.1
>>
>> [...] Perhaps this is not SMTP connection settings, and it is greylisting? Maybe the host connects to you, gets the too busy greylisting error, and tries the secondary MX. [...]
>>
>
> I disabled greylisting to no effect. It would be bizarre if one
> connection could block all others.
> Is the "too busy greylisting error" part of the greylisting code? Is
> that the "451 4.7.1 Please try again later" response?

You will have to look in the ASSP code and see what the response code is, but yes, "451 4.7.1 Please try again later" is a perfectly legitimate greylisting code as far as I know. Here are just a few samples that hit my server:

Response: 451 4.7.1 Greylisting in action, please come back later
Response: 450 4.7.1 <fo...@ex...>: Recipient address rejected: Policy Rejection- GREYLISTED Your mail has been temporarily delayed in accordance with our greylisting policy.
Response: 451 Greylisted, please try again in 120 seconds
Response: 456 greylisting suspected spam: p=0.5863: aborting SMTP transaction

>> Running a secondary MX is largely a waste of time these days. [...]
>>
>
> It appears fortunate that I do have a secondary. It exposed this behavior.
> What would happen if I deleted the secondary server? The sending MTA
> would enqueue the message for later delivery?

That is correct, and usually for at least a day, which gives you plenty of time to make other arrangements, like a smart host forward or other temporary fix.

>> The secondary obviously has to be allowed to talk to the primary without rejecting any email at all, which makes it a very nice target to a spammer.
>>
>
> Why would the secondary talk to the primary? Doesn't the DNS lookup send
> along the MX records?
>>

Probably better for a different discussion, there are many ways to set up a secondary. Secondary services generally have to be in sync with the primary, at least, as far as spam rules go. Otherwise a spammer sends to it, it accepts anything, and pushes it off to the primary with no trouble at all. Secondary is always whitelisted to the primary, so it is a good target.

>> I would also update your copy of ASSP.
>
> In the past updating ASSP has had unfortunate effects on its
> classification ability, i.e., training basically had to start over. I am
> not eager to throw another variable into this issue.

Understood. I think maybe your assumption the secondary is being tried as a result of the primary being busy is flawed. Most servers will try a secondary when it is not reachable, but not as a result of busy. I am sure you could configure it that way if you wanted.

Maybe you have not given enough time for DNS to change. Places like AOL are known to cache DNS records for more than days at times. The only way I know to find out would be to look at the DNS logs, or look at the sender, and email them, ask them to look at their logs, or do some DNS lookups for you.

It is pretty likely that the DNS just has not gone all the way out. How about you just shut off the secondary for a while, see what happens then, you still should not reject email.

--
Scott * If you contact me off list replace talklists@ with scott@ *
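An added example, not part of the message above and not ASSP code: a small triage script for the reply lines discussed in this thread, separating explicit greylisting deferrals from other 4xx replies so they can be lined up against deliveries that arrive via the secondary MX. The names `classify` and `summarize` are hypothetical, and the last three sample lines are constructed.

```python
import re
from collections import Counter

# SMTP reply line: 3-digit code, optional RFC 3463 enhanced status, free text.
REPLY_RE = re.compile(
    r"^(?P<code>[2-5]\d\d)[ -](?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+)?(?P<text>.*)$"
)
GREYLIST_RE = re.compile(r"gr[ae]y[- ]?list", re.IGNORECASE)
RETRY_RE = re.compile(r"\bin (\d+) seconds?\b", re.IGNORECASE)


def classify(reply):
    """Return (code, enhanced_status, verdict, retry_seconds) for one reply line."""
    m = REPLY_RE.match(reply.strip())
    if m is None:
        return (None, None, "unparsed", None)
    code, enh, text = int(m.group("code")), m.group("enh"), m.group("text")
    hint = RETRY_RE.search(text)
    retry = int(hint.group(1)) if hint else None
    if code < 400:
        verdict = "accepted"         # 2xx/3xx positive replies
    elif code >= 500:
        verdict = "permanent"        # sender bounces instead of retrying
    elif GREYLIST_RE.search(text):
        verdict = "greylisted"       # reply text names greylisting explicitly
    elif enh and enh.startswith("4.7."):
        verdict = "policy-deferral"  # 4.7.x is security/policy status; may be greylisting
    else:
        verdict = "deferred"         # some other transient failure
    return (code, enh, verdict, retry)


def summarize(replies):
    """Count verdicts over an iterable of reply lines."""
    return Counter(classify(r)[2] for r in replies)


SAMPLE_REPLIES = [
    # Reply lines quoted in the thread above.
    "451 4.7.1 Please try again later",
    "451 4.7.1 Greylisting in action, please come back later",
    "450 4.7.1 <fo...@ex...>: Recipient address rejected: Policy Rejection- GREYLISTED",
    "451 Greylisted, please try again in 120 seconds",
    "456 greylisting suspected spam: p=0.5863: aborting SMTP transaction",
    # Constructed lines for contrast.
    "250 2.0.0 OK queued",
    "421 4.3.2 Service not available",
    "550 5.7.1 Relaying denied",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(classify(line), "<-", line)
    print(dict(summarize(SAMPLE_REPLIES)))
```

A bare "451 4.7.1 Please try again later" carries no greylisting keyword, so it is reported as a policy deferral rather than attributed to greylisting.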