Why should'nt Imail try the secondary mailservers if it get a 421??
According to RFC821 the 421 error means:
421 <domain> Service not available,
closing transmission channel
[This may be a reply to any command if the service knows it
must shut down]
I thought that a secondary mailservers should be used in cases where
"<domain> Service not available", why should I bother setting up a baskup
server if it's only used when "<domain> Service is available" :-) Get my
point??
The ISP that I have the problem with, explained that the DNS setup was made
that way because their secondary mailservers is the only servers that is
allowed to send mail to the primary mailserver (security isue), so all
mailconnections is refused at the primary, accepted at the secondary and
forwarded to the primary from the secondary. They are a huge ISP in Denmark
and according to them a lot of others isp's has the same config = I can't
solve it by adding their secondary server to a host file (to much work to
find thoose setups).
Best regards
Claus Pedersen
Travelmarket 2001 A/S
-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: 27. februar 2002 17:25
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Imail do not send mail to backup mailservers
>We use a Symantec Enterprise Firewall that sends a 421 to the
>mailserver if the destination mailserver is down. I found this on
>Symantecs website:
>
><SNIP>
>SMTPD then tries to connect to the destination server and
finds that it
>is down or unreachable. SMTPD then sends a 421 "service not available"
>error message back to the internal email server to tell it to move
>along to the next MX record with a higher priority.
Symantec is wrong.
421 means "please try again", or more specifically "If you try again it
will work". In the cases being discussed, it sounds like Symantec is
returning a 421 when the primary mailserver is designed not to accept
connections ever. In that case, Symantec *must* return a 5xx response.
>AXENT Technical Support have found that some mail servers will
not roll
>over to the second MX record because they do not properly
interpret the
>421 SMTP error message returned by the firewall.
Again, Symantec is wrong here. I would recommend contacting them and
asking them to point you to the RFC that says or suggests that
a mailserver
should move to backup MX records when it gets a 421 response
(you'll get a
cute "Um, I can't seem to find it now, but I just KNOW I saw it
somewhere"
type response).
>The mail server believes it has already made a successful connection
>with
>the remote mail server when it has
>only communicated with the Raptor Firewall's SMTP proxy.
... and please, PLEASE, get Symantec to explain how an SMTP server is
supposed to know that it made a successful connection to the
firewall and
not a successful connection to the remote mail server!
That one is just too funny.
>So according to Symantec it is Imail that has the wrong behavior.
Yes, according to Symantec, IMail is supposed to detect that a
firewall is
running. And I am very sure that Symantec wants IMail to do
that. But not
only is there no RFC saying that IMail should do that, there is
no method
shown for how IMail should detect that the firewall is there.
Note that the SMTP rules are defined in RFCs, such as RFC821
that discusses
the 421 code, not by Symantec.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/