Re: [exim] Mail servers blocking DSN's

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: Stuart Gall
CC: exim users
Subject: Re: [exim] Mail servers blocking DSN's
Hi,

Stuart Gall wrote:
> Hello,
> I have just came across two servers that are blocking empty envelope
> to's
>
> VIZ
> telnet mail.ophosting.net 25
> Trying 63.246.16.254...
> Connected to mail.ophosting.net.
> Escape character is '^]'.
> 220 ophosting.net (IMail 8.00 37307-38) NT-ESMTP Server X1
> helo itsme
> 250 hello ophosting.net
> mail from:<>
> 501 bogus mail from
> quit
> 221 Goodbye
> Connection closed by foreign host.
>

Please report them to http://www.rfc-ignorant.org


>
> I assume that this is some kind of anti spam measure
> So this means
> 1. They will never get a DSN
> 2. sender callout will fail


This is a dumb so-called antispam feature which is not rfc compliant and
stops about nothing.

>
>
> Now obviously if they do not accept DSN's undeliverable messages will
> be frozen on our server and so this should be rejected. Personally I
> would be quite happy to leave it at that. However one of my clients
> wants to be able to receive mail from two such domains.
>
> So I was wondering if anyone else has came across this strange tactic. ?
> If it becomes more widespread then perhaps we need an option to
> specify the from address in sender callouts.


I did come into such a problem. The resolution is quite simple, just
contact the owner of these domains (IE: cc the postmaster of these
domain when you send the evidence of their non compliance to
rfc-ignorant.org) and ask them to correct their mail servers.
For an example of a warning mail, you can look at
http://www.rfc-ignorant.org/tools/detail.php?domain=asicorp.com&submitted=1161039519&table=dsn
(yes, I do submit them automatically and there are many per day)


Another (bad) solution is to do something like this in your rules:
deny
  condition   = ${if match
{$sender_address_domain}{domain1.tld|domain2.tls}{no}{yes}}
  message     = <$sender_address> does not appear to be a valid sender
address.
  !verify     = sender/callout=20s,defer_ok,random



>
> That way if you are using callouts as an anti spam measure then you
> can use postmaster as the sender.
> and retain some of the advantages.
> The only problem with having a from address in the callout is that
> you might get a mail callout loop if the other server is doing call
> backs. Hmmm thats a big problem.
>
> Perhaps there should be a way to defer if the from is rejected as
> opposed to the rcpt to:
>
>
> Comments ?
>
>
> Stuart Gall
>
>