Why should'nt Imail try the secondary mailservers if it get a 421??
According to RFC821 the 421 error means:
421 <domain> Service not available,
             closing transmission channel
            [This may be a reply to any command if the service knows it
            must shut down]

I thought that a secondary mailservers should be used in cases where
"<domain> Service not available", why should I bother setting up a baskup
server if it's only used when "<domain> Service is available" :-) Get my
point??

The ISP that I have the problem with, explained that the DNS setup was made
that way because their secondary mailservers is the only servers that is
allowed to send mail to the primary mailserver (security isue), so all
mailconnections is refused at the primary, accepted at the secondary and
forwarded to the primary from the secondary. They are a huge ISP in Denmark
and according to them a lot of others isp's has the same config = I can't
solve it by adding their secondary server to a host file (to much work to
find thoose setups).

Best regards
Claus Pedersen
Travelmarket 2001 A/S

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]] 
Sent: 27. februar 2002 17:25
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Imail do not send mail to backup mailservers



>We use a Symantec Enterprise Firewall that sends a 421 to the 
>mailserver if the destination mailserver is down. I found this on 
>Symantecs website:
>
><SNIP>
>SMTPD then tries to connect to the destination server and 
finds that it 
>is down or unreachable. SMTPD then sends a 421 "service not available" 
>error message back to the internal email server to tell it to move 
>along to the next MX record with a higher priority.

Symantec is wrong.

421 means "please try again", or more specifically "If you try again it 
will work".  In the cases being discussed, it sounds like Symantec is 
returning a 421 when the primary mailserver is designed not to accept 
connections ever.  In that case, Symantec *must* return a 5xx response.

>AXENT Technical Support have found that some mail servers will 
not roll 
>over to the second MX record because they do not properly 
interpret the 
>421 SMTP error message returned by the firewall.

Again, Symantec is wrong here.  I would recommend contacting them and 
asking them to point you to the RFC that says or suggests that 
a mailserver 
should move to backup MX records when it gets a 421 response 
(you'll get a 
cute "Um, I can't seem to find it now, but I just KNOW I saw it 
somewhere" 
type response).

>The mail server believes it has already made a successful connection 
>with
>the remote mail server when it has
>only communicated with the Raptor Firewall's SMTP proxy.

... and please, PLEASE, get Symantec to explain how an SMTP server is 
supposed to know that it made a successful connection to the 
firewall and 
not a successful connection to the remote mail server!

That one is just too funny.

>So according to Symantec it is Imail that has the wrong behavior.

Yes, according to Symantec, IMail is supposed to detect that a 
firewall is 
running.  And I am very sure that Symantec wants IMail to do 
that.  But not 
only is there no RFC saying that IMail should do that, there is 
no method 
shown for how IMail should detect that the firewall  is there.

Note that the SMTP rules are defined in RFCs, such as RFC821 
that discusses 
the 421 code, not by Symantec.

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Reply via email to