Sendmail with tcpwrappers

[pkr]

Hi, This is not exactly spamcop, but it is related to our implementation of spamcop.

spamcop is our primary and secondary MX for our domain.

Our mail server is closed up using tcpwrappers. No other mail servers can talk to it except for spamcop mail servers. If some one does try to connec to it. They get

Remote host said: 550 5.0.0 Access denied

Which causes the mail to bounce.

I want our mail server to return some error other that 550. Something more like service not available, this way the mail won’t bounce, it will just be queued up and delivery will be attempted later.

So, how do I get sendmail compiled with tcpwrappers to return something other than 550?

Thanks,

Alex

[StevenUnderwood]

I have no knowledge of sendmail or tcpwrappers. I do have some comments/questions that may help others here answer your specific question, however.

First, your definition of bounce seems like it should actually be reject.

A bounce is when you accept the entire message and then send it back to the (usually forged) sender from the headers.

Usually, when a sending server gets an error message during connect, the sending server returns that message to the sender with the error code. This is good. The sender will receive a bounce, but from THEIR server.

If a 400 code is used, then the sending server will usually (not always) retry after a certain amount of time. After another set amount of time, the sender will still receive a bounce message from THEIR server stating the message did not go through.

Second, if your server is only allowed to receive messages from the spamcop servers, then why do you want their original server to try again at a later time. Won't it still be blocked? This would only delay the error message to the original sender (if it is a valid one).

Third, in my experience changing MXes recently, the only servers that continue to attempt delivery to the original server are spam senders. Legitemate servers look up the MX each time (with cahcing involved) so they get fresh data.

Good luck

[pkr]

Ok, it sounds like we are currently rejecting resulting in the sender getting a bounce from their server.

It’s sounds like to switch from 550 code to a 400 code is what I need, the question is how. The sender will get a bounce, but at least we will eventually get the email as long as their server is set to retry.

This morning either spamcop mail servers were down momentarily, or some sender could not reach spamcop servers for whatever reason. So then according to the MX scheme the sender then tried to send the email directly to our server, and our server issued the 550 code, and the email instantly bounce never to be retried again. If the sender received a 400 code, then the mail would have been retired, and if spamcop mail servers were back online then we would have got the message. Right?

The reason we have it setup like this is so that if spamcop mail servers ever go down we can open up our server to the world, and we will be getting mail again(and lots of spam along with it) until spamcop servers come back on line. Under normal conditions we want our mail server to block all the spammers that are trying to connect directly to us instead of going through spamcop’s MXs.

Does that make sense?

Thanks,

Alex

[Wazoo]

OK, the last time something like this came up, the bottom line was that this Forum area was not to be the contact or support area for someone using the services of CES .... you need to be talking to JT "directly" ..... service <at> cesmail.net

For completeness, the previous discussion was at http://forum.spamcop.net/forums/index.php?...738entry12738

Moved item to the Lounge area as self-admitted, it has nothing to do with SpamCop reporting or SpamCop E-mail accounts.

[StevenUnderwood]

The sender will get a bounce, but at least we will eventually get the email as long as their server is set to retry.

No, the sender will generally only get the bounce after the server has given up. These messages indicate to the sender to re-try sending it themselves, though in my experience, most end user never read these messages and never re-try the send. Some servers also warn that it has tried for x hours but will keep retrying for y more hours. Some servers may also never retry the send, even on a 400 level code, though most common ones should.

I do see what you are trying to do (your servers are the 3rd MX) but I'm not sure that after the sending server has seen your address as active, if it will re-try the better MXes. My Lotus Notes server tends to keep re-trying the IP of the server that it was able to contact as that IP becomes the "MX of record" in he cache system. I don't know if other servers just resend normally by going through the MX progression.