[Top] [All Lists]

5xx errors in general and MXs

2004-04-22 19:11:54

On another list we have a - meanwhile rather emotional - discussion
about aggressive delivery attempts.

The origin of the discussion and the aggressive delivery attempts are
- large sites rejecting (valid, i.e. non spam) emails from certain IP
  addresses based on policy decision, while they accept the same email
  from other IP addresses without any problems (DUL lists like AOL
  uses them for 5xx greetings or uses them to answer
  RCPT TO with "550 5.0.0 Access denied")
- some unclear wordings in RFC 2821 (and historic 974) about what a
  delivery is and what a "successful" delivery is.
  In particular does a "5xx" code as an answer to a RCPT TO qualify
  for a "successful delivery" in terms of a "successful connection"
  or is a "successful delivery" to be interpreted in terms of a
  "successful transmission" (RFC974 makes some differences but is
  unclear about details, just as RFC 2821 is).

This discussion led to a view topics, namely
- how authoritative are answers from any MX server for a domain or
  is the authority of the answer limited to that particular mailserver
- is a 5xx code from one of the MXs of a domain to be treated as a
  global permanent failure or is it valid (and backed by wording in
  e.g. RFC974
     "Implementors are encouraged to write mailers so that they
      try the MXs in order until one of the MXs accepts the message,
      or all the MXs have been tried."
  if I get e.g. a "550 go away" as an answer to a RCPT TO command to simply
  disconnect and try the next MX and if I am through with all of them
  to inject the message at a smarthost (e.g. my ISPs mailserver).
- how to interpret the 5xx code that e.g. AOL uses for a greeting if they
  reject connections for policy reasons.

The originator of the aggressive delivery strategy argued
- if you don't want me to use any other of your MX hosts in case of
  a 5xx code then don't list them.
- if you don't want me to annul the policies set for a specific MX
  then take care that all of your MXs enforce the same policy
- there is no clear way for a receiving MTA to tell the sending MTA about
  its policies like "we don't accept email from your IP but probably
  will if you use your ISPs mailserver".

Would it be desirable to have specific message codes signalling policies to
sending MTAs?

Comments and clarifications highly welcome,


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

<Prev in Thread] Current Thread [Next in Thread>