[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
James Keasley wrote:
trying to reply to a message on the list I keep getting this error message: list@xxxxxxxxxxxx SMTP error from remote mailer after RCPT TO:<list@xxxxxxxxxxxx>: host io.tertial.org [212.67.198.131]: 550 relay not permitted not entirely sure why this is happening, but hopefuly it won't happen this time. could this be an issue specifically to do with replying to mails on the list?
io.tertial.org is listed as a backup MX for the domain dclug.org.uk, and apparently not configured as a backup, so probably the main mail servers was unavailable. Backup MX'es that don't know about the list of valid users(!) are a waste of bandwidth, and should all be deleted from the DNS ASAP. (Alex?) Basically backup MX'es work like this. The spammer connects to the primary MX, but after a few false, or old email addresses this server starts backing off and slowing down as it thinks "hmm I'm being abused". If the spammer connects to a backup MX that doesn't know if an address is valid it will start queuing the new emails to disk as fast as it can, then connect to the primary MX and do the spammers dirty work for him. And then spew lots of bounced emails to forged addresses saying "the email you never sent didn't reach this recipient who doesn't exist". Every so often when the primary MX is down, a genuine message is attempted to send via the relay, then we discover the admin has reconfigured it and forgot to allow relaying for the domain (like here). Just occaisonally the backup MX queues messages when the primary is down, and this slightly reduces delays when the primary is back up again - but these days it is hardly worth it as most mail servers implement good back-off algorithmns so a mail server isn't swamped when it is restarted after an outage. Looks like our other backup MX record is in fact the same as the primary. prot.termisoc.org. 20865 IN CNAME www.fluxbbs.org. www.fluxbbs.org. 35266 IN CNAME fluxbbs.org. fluxbbs.org. 35266 IN A 212.67.197.71 pi.a-squared.co.uk IN A 212.67.197.71 Ah the perils of system maintenance. No one mention chaining CNAME's. $ dig +short dclug.org.uk mx 10 pi.a-squared.co.uk. 20 io.tertial.org. 30 prot.termisoc.org. We can delete io from this list because it is broke and silly to have, and we can delete prot because it is realy pi.
Attachment:
signature.asc
Description: OpenPGP digital signature