On 19/04/04, Peter Bowyer (peter@???) wrote:
> Rory Campbell-Lange <rory@???> wrote:
> > I clearly have something misconfigured as I get about 20 messages a
> > week on our company mail server (which has about 7000 emails going in
> > and out each week) which get frozen with the following
> > characteristics:
> >
> > 7h 2.1K 1BFOjh-0005fq-7q <> *** frozen ***
> > pseudo@???
> >
Thanks for the really helpful email, Peter.
> These are frozen bounce messages. Since your Exchange 5.5 (really? it's
> unsupported isn't it?) server can't do SMTP-time recipient verification,
> you're accepting mails on the gateway for potentially non-existant
> recipients on the target system. When Exchange bounces one of these, and the
> orginal sender is unrouteable, you get a frozen bounce.
We're either moving to use the exim4 box (which has been working
fantastically well for about 6 months) for all our mail requirements, or
passing through to Postfix on an OSX Server.
> Some ways of fixing this:
>
> - Upgrade to Exchange 2003, turn on SMTP-time recipient validation in
> Exchange, turn on callout recipient checking in Exim
We're thinking of becoming Microsoft-free; but this makes sense. I've
been following the callout checking posts on the lists, but hadn't put
this together with the problem we are suffering.
> - Implement a verify-only LDAP lookup on the Exim server to check recipients
> before you accept a mail at SMTP time. Or some other way of the Exim server
> knowing whether a recipient is valid or not ( a static list, directory
> extract, etc)
I've found it difficult finding the correct LDAP query string to hit the
Exchange Server.
> - Implement callout sender verification in Exim - will stop you accepting a
> mail if a subsequent bounce would not be deliverable
Won't this break some incoming stuff, which doesn't have a correctly
formatted 'from'? We have to be tolerant of clients with broken MUAs.
>
> - Mess with the timeout_frozen_after settings in Exim to make the frozen
> bounces disappear. Not really a fix - a resilient system shouldn't accept
> mail for non-existant users, or from non-existant addresses.
Do The Right Thing. OK!
>
> You'll want to fix this before your first DHA or joe-job, at which time both
> Exim and Exchange will probably melt down.
I don't know what DHA or joe-jobs are. Please enlighten me (particularly
as they seem to have risky results!)
Sorry for the questions about your answers,
Rory
--
Rory Campbell-Lange
<rory@???>
<
www.campbell-lange.net>
