D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] mail oddness



James Keasley wrote:
trying to reply to a message on the list I keep getting this error 
message:

  list@xxxxxxxxxxxx
    SMTP error from remote mailer after RCPT TO:<list@xxxxxxxxxxxx>:
    host io.tertial.org [212.67.198.131]: 550 relay not permitted

not entirely sure why this is happening, but hopefully it won't 
happen this time.

could this be an issue specifically to do with replying to mails 
on the list?

io.tertial.org is listed as a backup MX for the domain dclug.org.uk, and
apparently not configured as a backup, so probably the main mail server
was unavailable.

Backup MX'es that don't know about the list of valid users(!) are a
waste of bandwidth, and should all be deleted from the DNS ASAP.

(Alex?)

Basically backup MX'es work like this.

The spammer connects to the primary MX, but after a few false, or old
email addresses this server starts backing off and slowing down as it
thinks "hmm I'm being abused".

If the spammer connects to a backup MX that doesn't know if an address
is valid it will start queuing the new emails to disk as fast as it can,
then connect to the primary MX and do the spammer's dirty work for him.
And then spew lots of bounced emails to forged addresses saying "the
email you never sent didn't reach this recipient who doesn't exist".

Every so often when the primary MX is down, a genuine message is
attempted to send via the relay, then we discover the admin has
reconfigured it and forgot to allow relaying for the domain (like here).

Just occasionally the backup MX queues messages when the primary is
down, and this slightly reduces delays when the primary is back up again
- but these days it is hardly worth it as most mail servers implement
good back-off algorithms so a mail server isn't swamped when it is
restarted after an outage.


Looks like our other backup MX record is in fact the same as the primary.

prot.termisoc.org.      20865   IN      CNAME   www.fluxbbs.org.
www.fluxbbs.org.        35266   IN      CNAME   fluxbbs.org.
fluxbbs.org.            35266   IN      A       212.67.197.71


pi.a-squared.co.uk IN A 212.67.197.71

Ah the perils of system maintenance. No one mention chaining CNAME's.


$ dig +short dclug.org.uk mx
10 pi.a-squared.co.uk.
20 io.tertial.org.
30 prot.termisoc.org.

We can delete io from this list because it is broke and silly to have,
and we can delete prot because it is really pi.

Attachment: signature.asc
Description: OpenPGP digital signature
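
The DNS check done by hand in the message above, as an added example that is not part of the original post: it follows each MX target through its CNAME chain and flags targets that are aliases or that end up on the primary's address. The record set is constructed from the values quoted in the message; the function names are hypothetical.

```python
# Constructed input: the MX list, CNAME chain and A records quoted in the
# message (io's address is taken from the bounce text), in zone-file form.
RECORDS = """\
dclug.org.uk.           IN      MX      10 pi.a-squared.co.uk.
dclug.org.uk.           IN      MX      20 io.tertial.org.
dclug.org.uk.           IN      MX      30 prot.termisoc.org.
prot.termisoc.org.      20865   IN      CNAME   www.fluxbbs.org.
www.fluxbbs.org.        35266   IN      CNAME   fluxbbs.org.
fluxbbs.org.            35266   IN      A       212.67.197.71
pi.a-squared.co.uk      IN      A       212.67.197.71
io.tertial.org.         IN      A       212.67.198.131
"""

def parse(text):
    """Return (sorted MX list, CNAME map, A map); the TTL field is optional."""
    mx, cname, a = [], {}, {}
    for fields in (line.split() for line in text.splitlines()):
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        name, rtype, rdata = fields[0].rstrip(".").lower(), fields[i + 1], fields[i + 2:]
        if rtype == "MX":
            mx.append((int(rdata[0]), rdata[1].rstrip(".").lower()))
        elif rtype == "CNAME":
            cname[name] = rdata[0].rstrip(".").lower()
        elif rtype == "A":
            a.setdefault(name, set()).add(rdata[0])
    return sorted(mx), cname, a

def resolve(host, cname, a):
    """Follow the CNAME chain from host; return (chain, final addresses)."""
    chain = [host]
    while chain[-1] in cname:
        if cname[chain[-1]] in chain:
            raise ValueError("CNAME loop at " + host)
        chain.append(cname[chain[-1]])
    return chain, a.get(chain[-1], set())

def audit_mx(text):
    """Flag MX targets that are aliases or that land on the primary's address."""
    mx, cname, a = parse(text)
    primary = mx[0][1]                      # lowest preference value wins
    primary_addrs = resolve(primary, cname, a)[1]
    findings = []
    for _pref, host in mx:
        chain, addrs = resolve(host, cname, a)
        if len(chain) > 1:                  # RFC 2181 10.3: MX target must not be an alias
            findings.append((host, "alias", " -> ".join(chain)))
        if host != primary and addrs & primary_addrs:
            findings.append((host, "same-address-as-primary", sorted(addrs & primary_addrs)[0]))
    return findings

if __name__ == "__main__":
    for finding in audit_mx(RECORDS):
        print(*finding, sep="\t")
```

The "550 relay not permitted" failure on io.tertial.org is an SMTP configuration problem, so it does not appear in DNS data and this check does not report it.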

