postfix - how to get "domain not found" to NOT retry for 5 days

[CNBarnes]

I have poured over the postfix man pages, but can't figure out the correct setting for the postfix/main.cf file.

Problem: one of my users sends email to user@invaliddomain.com.

Rather than rejecting the message (bouncing it back) immediately, postfix tries for 5 days to deliver to the non-existant domain, then bounces. I am sure this is a simple 1 liner, but danged if I can find it...

TIA

[CNBarnes]

Followup to my own message

The log file shows this:

Sep 17 11:38:29 vmmail postfix/smtp[5799]: 60ABD305DA: to=<cbarnes@physics.tam.edu>, relay=smtp-relay.tamu.edu[165.91.22.120]:25, delay=0.04, delays=0.02/0/0.01/0.01, dsn=4.1.2, status=deferred (host smtp-relay.tamu.edu[165.91.22.120] said: 450 4.1.2 <cbarnes@physics.tam.edu>: Recipient address rejected: Domain not found (in reply to RCPT TO command))


I suspect changing the value of this error condition to 550 is what I want to do, but I am not sure what the error condition "name" is.

[falko]

You can try this:

Code:

unknown_address_reject_code = 554
unknown_hostname_reject_code = 554

[CNBarnes]

I put it in.. .the logs still show a 450.


Sep 18 12:44:55 vmmail postfix/smtp[7620]: D1FD530324: to=<cbarnes@physics.tam.edu>, relay=smtp-relay.tamu.edu[165.91.22.120]:25, delay=88614, delays=88614/0/0.01/0.04, dsn=4.1.2, status=deferred (host smtp-relay.tamu.edu[165.91.22.120] said: 450 4.1.2 <cbarnes@physics.tam.edu>: Recipient address rejected: Domain not found (in reply to RCPT TO command))

[CNBarnes]

Hmm. It appears that the 450 message is not coming from my server (physics.tamu.edu), but instead smtp-relay.tamu.edu (the server relaying for us).

I assume changing the error condition setting on that server is what I need to do?

[falko]

I'd say yes.

[CNBarnes]

I talked to the sysadmins of the guys who run the other server, and it is indeed their server that is generating the 450.

Their response was:

Quote:

Domain lookup failures are transient (ie., 400-level) by RFC. If, for instance, your DNS cache was down, your network was down, or the remote site was having DNS problems or moving their domain, you would want the mail to queue on the sending side until the problem was resolved.

There's (virtually) no way for the SMTP server to know if the DNS failure is due to network issues or a typo. So it will queue until the name resolves or the TTL times out (which I think is four days for us).

Honestly, I can see their argument - some DNS lookups will be transient (eg. simply lost contact with your local DNS server) where you don't want a 550 level failure response. Otoh, taking 5 days for a domain lookup to fail on a domain that does not exist is also clearly a problem.


So... what is the solution to this dilemma?

[CNBarnes]

bump

So does anyone have an argument for/against having this sort of bounce be a 450 vs 550 type?

[Bill_KC]

Quote:

Originally Posted by falko

You can try this:

Code:

unknown_address_reject_code = 554
unknown_hostname_reject_code = 554

I have a exact same situation with the exception that I do not have an error code 450. My mail.log entry looks like this:

Oct 24 13:53:09 vegas postfix/smtp[26081]: 27DC750870C: to=<gmartin@sysxxxxx.com>, relay=none, delay=90919, delays=90898/0.68/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=sysxxxxx.com type=MX: Host not found, try again)

What entry can i include in my main.cf so that mails are sent back to the sender if the host or domain/host can't be found and not linger in the retry queue for 5 days?

Thanks Bill KC.