[Mailman-Users] FAQ entry: Who should deal with DNS errors?

[Samuel Tardieu]

I was going to add this FAQ entry, but I realize that I don't have a
password to do that and I have to leave for a meeting right now.

If someone wants to add this, feel free to do it. I just discovered
this issue this morning, when I noticed that some of my lists took a
long time to deliver mail.

  Sam

PS/ feel free to reformat, rewrite, delete, ...  :)
-- 
Samuel Tardieu -- sam at rfc1149.net -- http://www.rfc1149.net/sam

4.20 Who should deal with DNS errors?

Sometimes, Mailman tries to send mail to domains which exist but do
not have a MX (mail exchanger) or an A (address) record. This may
happen for example when a spam comes from a newly reserved domain, who
has not been setup to receive mail.

Most MTA are configured to reject mail for such a domain with a
temporary failure exit code (such as 450), because the absence of
those records may be caused by a transient network outage. If your
local MTA has been configured this way, it will reject mail from
Mailman with this temporary failure exit code, and Mailman will try to
resent the mail every minute. Considering that the DNS lookup may
easily take up to 30 seconds in case of a network problem, this may
slow down Mailman mail delivery by a huge factor.

One solution is to let your MTA deal with this situation instead of
Mailman. Configure your MTA so that it always accepts mail coming from
Mailman. In Postfix for example, this is done by using a
"client_access" restriction (allowing mail from localhost if Mailman
is running on the same machine as Postfix) before the
"reject_unknown_recipient_domain" restriction.