Auteur: James P. Roberts Date: À: exim-users Sujet: Re: [Exim] Reaction to rude 554 greeting
> > What does the author of Exim think about this option at this point? > > Last I saw, his comments were that this was a bad idea.
>
> Indeed, my view is that treating 5xx as 4xx is a bad idea. However, as a
> purveyor of software, I sometimes have to implement things that I
> disagree with if I want my software to be used widely. This is not the
> first example of an option that I would never turn on myself.
>
Just my two cents worth:
I agree that a 5xx code means a permanent failure, and that it is given as a
conscious decision by the server which chooses to send the 5xx message. Now,
if the host sending this 5xx is the primary MX host for the domain, then its
opinion is of higher priority than any other MX you might try. That is, once
you have established an IP connection to the primary MX of DNS record, you
must accept whatever it tells you as the gospel for that transaction. That is
the definition of "primary" after all. This statement holds true for the
first MX to which you successfully establish an IP connection.
The purpose of a secondary MX is to handle email while the primary is
UNAVAILABLE for some reason. (And it should work the same as the primary
would - it is a direct substitute for the primary). Available enough to issue
a 5xx response is NOT "unavailable" by any stretch of the imagination!
Therefore, if you get a response, you must take that response as the
"authoritative" response for that attempt. Trying the exact same transaction
on a lower-priority server should never work anyway, unless the recipient's
servers are badly misconfigured. It is an abuse to keep trying other MX's
once you have received a 5xx message from an "authoritative" MX. You should
have no expectation that a secondary MX would respond any differently.
Think about it. If you got actual responses from two different MX's, and
those responses were different, which one is the "correct" response? You must
assume the response from the highest-priority MX is the "correct" response.
There is no other means of distinguishing priority. That is why you do NOT
ever talk to a secondary MX after completing a conversation with an MX, even
if the result of the conversation was "go away" (5xx). It is like trying to
go over your boss's head by talking to the janitor. Sure you can try if you
really want to, but don't be surprised if the boss decides to fire(wall) you
for it. ;)
If some people disagree with this enough to configure their MX server to
respond with a 5xx in hopes that the sender will interpret it as "try another
MX"... Well, "tough noogies for them," I say. They should send a 4xx
response instead, or fix their DNS, or whatever. It is not the responsibility
of the sending MTA to "guess" what they might have meant. A "5xx" is a "5xx"
is a "5xx."
Philip, my vote would be to make no changes for this issue.