ietf-smtp

Re: After a 450, queue or try next MX?

2006-08-30 12:57:18

Mike,

My input on this.

o MX Records and Retrying:

Our software, and I think in general the BCP, is to go to the next
expanded MX record address only when a connection fails.  In other words,
you should honor the 55x to NO TRY AGAIN EVER or the 45x to TRY AGAIN LATER,
but not within the same attempt where you have expanded MX hosts.

When the MX list is expanded, the outbound process only goes to the next IP
if it fails the CONNECTION.  There might be some other reason in the long
established code, but offhand, it definitely only cycles on failed
connections.

But I've seen other systems behave differently on a 45x with attempts from
different machines within seconds or minutes.

o GreyListing:

We have implemented a GreyListing system. The "specs" indicate to use a 451
response.

For the fine tuning, which seems to be the consensus on the greylist mailing
list, there are two considerations:

  - Consideration for Class C
  - Block for at least 1 minute

The triplet hash generated may include support for the class C address
(X.X.X.0) rather than full IP.  And the minimum block should be at least 1
minute.

Based on your report, they are blocking you for 300 seconds or 5 minutes.
That is definitely too long in my opinion and in the opinion of others in
the greylist support list.

But if you are retrying right away, on the second MX, that is probably not a
good idea either.

What we provide in our package is a default retry frequency of:

 [Attempts]
  Default=60
  Attempt1=5
  Attempt2=5
  Attempt3=15
  Attempt4=60

So for the first two attempts it waits 5 minutes, then 15 mins, then 1 hour
for the remaining attempts until the total attempts are exhausted (72 tries
by default which is ~ 3 days).

Hope this helps

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





----- Original Message -----
From: "Michael Kenny" <michael(_dot_)kenny(_at_)gmail(_dot_)com>
To: <ietf-smtp(_at_)imc(_dot_)org>
Sent: Wednesday, August 30, 2006 11:01 AM
Subject: After a 450, queue or try next MX?


Greetings,
I'm having problems sending to a 'greylist'-ing mail host
and was wondering what the correct response to the
initial delivery rejection ought to be. I was not able to find
the answer in the RFCs. I was hoping someone here might
know.

When we attempt to deliver to the recipient, the first of
two hosts listed in MX preference order responds with a 450.
From our log (IP and address obfuscated):

Remote host: 99.99.999.999. RCPT response: '450 <xxx(_at_)xxxxxx(_dot_)net>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/imagemark.net.html)

'. Trying next host.

When we try the next host we get this:

Remote host: 33.333.333.333. Recipient: '<xxx(_at_)xxxxx(_dot_)net>'. RCPT response: '554 xxx(_at_)xxxxx(_dot_)net: Relay access denied

At this point a delivery failure with the 554 is returned to my sender.

When I contacted the admin at the recipient's domain he
asserted that my mail server was misconfigured, and that we
should be retrying. While I'm not going to say that is not the case,
I'm trying to figure out first what it is that should happen here.

After the initial temporary failure, the 450, should my
mail server immediately put the message in the retry queue, or
should it try the next MX host? And if it should try the next
MX host, should it then return the permanent failure that second
host gave me, or put the message in retry because the first
host attempted returned a temporary rejection?

My mail server is trying the second MX and then returning
the permanent failure to the user.

Sorry if this is complicated or too basic. I just have not been
able to find the description of this scenario in the RFCs.

Thanks,

Mike
NYC
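
The policy described in the reply at the top of this thread, as an added example that is not part of the original messages or of the Santronics software: move to the next MX host only on a failed connection, queue on a 45x, bounce on a 55x, and take the wait from the quoted [Attempts] table. The function names, the placeholder hostnames, the reading that the AttemptN value is the wait following attempt N, and the bounce once attempts are exhausted are assumptions.

```python
import configparser

# Retry table quoted in the reply; values are minutes.
ATTEMPTS_INI = """
[Attempts]
Default=60
Attempt1=5
Attempt2=5
Attempt3=15
Attempt4=60
"""
MAX_ATTEMPTS = 72  # default total number of tries given in the reply

_cfg = configparser.ConfigParser()
_cfg.read_string(ATTEMPTS_INI)

def retry_delay(attempt):
    """Minutes to wait after failed attempt `attempt` (1-based).
    Assumption: the AttemptN value is the wait that follows attempt N."""
    sec = _cfg["Attempts"]
    return sec.getint(f"Attempt{attempt}", fallback=sec.getint("Default"))

def deliver(mx_outcomes, attempt=1):
    """Decide what to do with one message on one delivery attempt.
    mx_outcomes: (host, result) pairs in MX preference order, where result is
    None for a failed connection or the SMTP reply code as an int.
    Returns (action, host_that_decided, minutes_until_retry)."""
    for host, code in mx_outcomes:
        if code is None:
            continue                       # connection failed: next MX host
        if 200 <= code < 300:
            return ("delivered", host, None)
        if 500 <= code < 600:
            return ("bounce", host, None)  # 55x: do not try again
        break                              # 45x (or other reply): stop walking the MX list
    else:
        host = None                        # no host accepted a connection
    if attempt >= MAX_ATTEMPTS:
        return ("bounce", host, None)      # attempts exhausted (assumed handling)
    return ("queue", host, retry_delay(attempt))

def total_wait_minutes():
    """Sum of the waits between the first and the last of MAX_ATTEMPTS tries."""
    return sum(retry_delay(n) for n in range(1, MAX_ATTEMPTS))

# Constructed replay of the scenario in the original question.
MIKE = [("mx1.example", 450), ("mx2.example", 554)]
```

With this policy the 450 from the first host queues the message for 5 minutes and the second host, which answered 554, is not contacted in that attempt; the waits sum to 4105 minutes, about 2.85 days.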