Hi Sam, On Mon, Mar 22, 2004 at 07:12:29PM -0600, Sam Laffere wrote: > I implemented this plugin on a test domain, and it seemed great, but after > implementing on my production server, I had too many customers not getting > their email because of the 'no reverse lookup' part. For now I have > remarked that out and still use the badmailfromhost file. > The badmailfromhost file caused one known problem, but after 8 phone calls > to Southwestern Bell, that DSL person was able to get a real PTR file for > their mail server and has not had any more problems. This person had been > having "strange" problems with most mail getting through, but the occasional > email not reaching the destination. The "exchange server" was not giving > him enough info to troubleshoot effectively. I think he was being denied > for the same reason my server denied him, but just could not figure it out.
I've had the same experience - too many reverse dns lookup false positives to use in the real world. I'm not using it at all any longer. > The 450 DENYSOFT that they both use has a couple of problems in the real > world. > 1. Some mail servers(possibly Lotus Notes and others) don't queue and > retry. > 2. The repeated DENYSOFT from check_hostbyrename never allows the message on > through. If a greylist was added, then problem 1 kicks in. > 3. My customers calling to say that such-and-such email is not getting here > can eat up a TREMENDOUS amount of time. You're correct - there are a few MTAs out there that hard fail 45x statuses, contravening the RFCs. In my experience they've been less frequent than reverse dns snafus. Some old versions of Groupwise certainly do it, which is probably the Lotus MTAs you're seeing; so do older versions of something called SLMail. They've been one or two others mentioned on the greylisting list, but Groupwise does seem to be the main culprit. I'm not sure what kind of volumes you're seeing from these kinds of servers, but I've just been whitelisting them as they come up here. It's a pretty reasonable workaround. You could still send your email to the remote postmaster pointing out how broken their MTA is, but I suspect you won't get much joy. Cheers, Gavin
