On Fri, 20 Sep 2002, Jerry Jorgenson wrote:
> Hotmail is throttling incoming connections.
In view of the large number of spams which come with a counterfeit
hotmail address, we have enabled callbacks for hotmail addresses. (The
same for a number of other frequently-counterfeited domains - provided
the domains' mail servers return a useful response to callbacks!)
Over the past week or two it means that many attempts to send us mail
from hotmail are reported as "Could not complete sender callout
check", and so we temporarily refuse them. I have the impression that
the increasing number of retries - and the resulting calls back to
hotmail - produces a sort of chain reaction, with hotmail getting even
more reluctant to respond to us.
Well, that was the case when I looked a couple of days back. The
acute problem seems to have cleared now, but I suppose the issue is
worth thinking about...
Our current recipe looks like
deny hosts = *
sender_domains = partial-dbm;CONFIG_DIR/callback_domains.db
!verify = sender/callout
message = We could not verify your purported envelope sender
<digression>
Hmmm, this message never in fact appears in our log. What appear
instead are pairs of entries, like:
...response to "RCPT TO:<brandy_jayne@???>" from mx1.hotmail.com
[65.54.254.129] was 550 Requested action not taken: mailbox unavailable
followed by
... rejected RCPT <victim@???>: Sender verify failed
- apparently not using our provided message at all. But I digress...
</>
We _could_ exclude the hotmail hosts from "hosts = *", but that would
excuse them from validation for all of our callback_domains. And the
same for each of the other frequently-counterfeited domains like
msn.com, yahoo.* - I'm sure I don't need to spell out the usual
suspects here... ;-)
Thoughts, folks? Would this actually need individual entries,
grouping each big sender_domains suspect with an exclusion list of
their outgoing mail hosts? Any tried and tested recipes to share?
cheers
