Re: [Mailman-Users] Problems with undeliverable mail
On Thu, 27 Dec 2001 14:06:53 -0800 Michelle Brownsworth michelle@primelogic.com wrote:
> My mailhost is chugging away, trying over and over to deliver to a large batch of addresses with a .gov domain that doesn't resolve; this particular .gov nameserver is obviously having problems. And it's not from the sendmail's mail queue; /var/spool/mqueue/ is completely empty. It's Mailman reattempting to send to the problem addresses.

Configure your MTA to not do DNS verifies on deliveries from localhost.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
But since none of the subscribers are local, I don't see how that will help in this situation. And as I said, the batch of reattempts didn't seem to be coming from sendmail's mail queue. The only explanation is that Mailman must have a means of keeping track of failed deliveries.
.\\ichelle
Michelle Brownsworth System Administrator PrimeLogic Corporation http://www.primelogic.com
On Sat, 29 Dec 2001, Michelle Brownsworth wrote:
> > On Thu, 27 Dec 2001 14:06:53 -0800 Michelle Brownsworth michelle@primelogic.com wrote:
> > > My mailhost is chugging away, trying over and over to deliver to a large batch of addresses with a .gov domain that doesn't resolve; this particular .gov nameserver is obviously having problems. And it's not from the sendmail's mail queue; /var/spool/mqueue/ is completely empty. It's Mailman reattempting to send to the problem addresses.
> > Configure your MTA to not do DNS verifies on deliveries from localhost.
> But since none of the subscribers are local, I don't see how that will help in this situation. And as I said, the batch of reattempts didn't seem to be coming from sendmail's mail queue. The only explanation is that Mailman must have a means of keeping track of failed deliveries.
Perhaps a re-phrasing: configure your MTA to blindly accept mail from localhost without verifying that the *destination* domain is valid.
Many MTA configurations won't accept mail that they know they can't deliver - if the destination domain doesn't resolve, there's no point in accepting it. So the MTA reports, typically, a temporary SMTP error.
Sounds like Mailman is trying, over and over, to get these messages into the MTA.
If you instead configure your MTA to accept the message, it will accept it and immediately generate a bounce. Mailman does the right thing with bounces.
Here's an example: my list of SMTPD restrictions from postfix. I reject mail for unknown recipient domains - but I have an exception list for my list servers. /etc/postfix/class_host_exception includes localhost and a few other machines that I let dump blindly into the system.
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/class_host_exception,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    permit
This can also speed up injection into the MTA, if that's important to you.
-- Charlie Watts cewatts@frontier.net Frontier Internet http://www.frontier.net/
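Added example (not part of the original post, and not Postfix code): a simplified Python model of how the restriction list posted above is evaluated, where the first decisive result ends the list. The client addresses, domains and exception-map contents are constructed sample data, and only five of the posted restrictions are modelled.

```python
# Simplified model of Postfix first-match evaluation for the posted list.
# All hosts, networks and domains below are constructed sample data.
import ipaddress

EXCEPTION_MAP = {"127.0.0.1": "OK"}                 # stands in for class_host_exception
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
RESOLVABLE = {"example.org", "lists.example.net"}   # domains that "resolve" in this model
LOCAL_OR_RELAY = {"lists.example.net"}              # destinations this MTA is responsible for

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_client_access(client, sender, rcpt):
    return EXCEPTION_MAP.get(client)                # "OK", or None for "no decision"

def reject_unknown_sender_domain(client, sender, rcpt):
    return None if domain(sender) in RESOLVABLE else "450 sender domain not found"

def reject_unknown_recipient_domain(client, sender, rcpt):
    return None if domain(rcpt) in RESOLVABLE else "450 recipient domain not found"

def permit_mynetworks(client, sender, rcpt):
    ip = ipaddress.ip_address(client)
    return "OK" if any(ip in net for net in MYNETWORKS) else None

def reject_unauth_destination(client, sender, rcpt):
    return None if domain(rcpt) in LOCAL_OR_RELAY else "554 relay access denied"

# Same relative order as in the posted smtpd_recipient_restrictions.
RESTRICTIONS = [check_client_access, reject_unknown_sender_domain,
                reject_unknown_recipient_domain, permit_mynetworks,
                reject_unauth_destination]

def rcpt_decision(client, sender, rcpt):
    """Return the first decisive verdict; the trailing 'permit' is the default."""
    for rule in RESTRICTIONS:
        verdict = rule(client, sender, rcpt)
        if verdict is not None:
            return verdict
    return "OK"
```

In the model, 127.0.0.1 gets OK for an unresolvable recipient domain, while a client that only matches permit_mynetworks still gets the 450 because that rule sits later in the list. The exception map also short-circuits reject_unauth_destination, so it should hold only hosts you trust to relay.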
That makes good sense, Charlie. Only problem is, I don't know how to accomplish it in sendmail without enabling FEATURE(relay_local_from), something I am loath to do for security reasons. According to cf/README in the sendmail source:
FEATURE(relay_local_from)
    Allows relaying if the domain portion of the mail sender is a local host. This should only be used if absolutely necessary as it opens a window for spammers. Specifically, they can send mail to your mail server that claims to be from your domain (either directly or via a routed address), and you will go ahead and relay it out to arbitrary hosts on the Internet.
If anyone on the list can tell me how to configure sendmail to accept mail from localhost without checking for a valid domain either without using FEATURE(relay_local_from) or using it without compromising security, I would greatly appreciate it.
.\\ichelle
Michelle Brownsworth System Administrator PrimeLogic Corporation http://www.primelogic.com