[ILUG] Weird DNS issue

[Kenn Humborg]

> > That was my anti-spam measures returning the message because the
> > sender domain didn't exist.
>  
>  DNS failures may be of temporary nature, and the prefered way to
>  deal with them at MTA level is to create soft bounces. I.e. return
>  a 4xx error code (typically 450), not a 5xx (550) error code. The
>  sending MTA will then requeue the message and try again later, giving
>  the DNS a chance to recover.

I agree, but only for 'transient' DNS errors (such as unable
to contact name server).  However, if you get an authoritative
response that says "domain doesn't exist" then there is no point
in retrying.  If you accidentally send a message to ilug at linus.ie,
which would you prefer:

   1. an immediate bounce
   2. a warning (probably 4 hours later, maybe a whole day) from 
      a mail server that's holding it in its queue?

And this particular case is different.  It's not the dest addr
that doesn't resolve, it's the source address.  I don't want
thousands of spam messages with fake sender addrs to clog up
mail queues all over the net.

>  From postfix sample-smtpd.cf:
> 
> | # The unknown_hostname_reject_code parameter specifies the SMTP server
> | # response when a client violates the reject_unknown_hostname
> | # restriction.
> | #
> | # Do not change this unless you have a complete understanding 
> of RFC 822.
> | #
> | unknown_hostname_reject_code = 450

I disagree.  Of course, I haven't read 822 in a long time.  Maybe 
I should.  Maybe it would change my mind.  Maybe it won't.  Maybe 
that particular recommendation has been superseded by another RFC.

Later,
Kenn