Mailing List SIMS@mail.stalker.com Message #15352
From: Bill Cole <listbill@scconsult.com>
Subject: Re: 550 error and ECM2
Date: Tue, 12 Sep 2006 15:59:50 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 6:34 AM -0500 9/12/06, Bob Smith wrote:
My problem is probably more related to my test setup of the ECM2 package than it is SIMS but I figured someone on this list might give me a hint of where to look

I am currently testing an ECM2 package on Tiger Server to eventually replace my SIMS box.  For the most part, its working beautifully.  I have a total of three mail servers behind my firewall on local addresses.  A local DNS provides proper forward/reverse lookups and MX records.  One server is the ECM2 system.  One a SIMS box that's been running smoothly for years.  And one is simply Postfilx running on a Panther server that is primarily a web server.  It is used for sending only by some web scripts.  And it is available on a non standard port for users to send through when they hit a blocked port 25 issue.  It receives no mail.  All three mail servers are on the same local subnet and have various accurateimage.org host names.

I setup one of my lesser used domains on the ECM2 server to test.  I changed all of the DNS servers to correctly point MX records for this domain to this server.  Its all working fine except for when the SIMS server tries to send messages to the ECM2 server.  The ECM2 server seems to receive mail just fine from most any server on the planet except the SIMS box that's sitting right next to it.  It responds with a 550 error when any mail is sent from SIMS where the from address is any account on my my domain  accurateimage.org.  If I send through the SIMS box where the from address is some other domain (which also uses the same SIMS box as its MX server) the ECM2 box accepts it just fine.  The ECM2 box accepts mail from the Postfix (also behind the same firewall on the same local subnet) server where the sender is from accurateimage.org just fine.

What exactly causes a 550 error?  Is it something specific or is this one of those errors that might mean any of a number things? I'll post the complete text from one below.


I'm not very familiar with "ECM2" (which appears to be a preconfigured bundle of  Exim with various bits and pieces) but I think the message makes this clear.

This glitch aside, I think I'm really going to enjoy using ECM2.
Very easy to configure once its all installed.  It adds IMAP and Webmail service with little effort.  I'm a complete SpamAssassin novice but it's inclusion looks like a major plus.

You have to be careful with SA. It's a very powerful tool, but the default configuration is not ideal for much of anyone. The ability to combine and weight multiple "network" (i.e. DNSBL/URIBL/SPF/etc) tests is particularly powerful, but the default weighting is likely to generate surprises for many sites.

But that's a side issue, on to your real question...


*****************************************
Failed to deliver your message to bob@imagetexas.com:
SMTP: Address rejected by host
Host 'sam.accurateimage.org' says:
550 Sender verify failed


Reporting-MTA: dns; accurateimage.org

Final-Recipient: rfc822; bob@imagetexas.com
Action: failed
Status: 5.0.0


The text of the 550 message provides the clue. That was provided by 'sam.accurateimage.org' and it gives the impression that it is trying to verify the sender address of the mail (bob@accurateimage.org, presumably, but *maybe not*) and failing. This is probably a bad thing. The 'sender verification' that can be done by Exim and Postfix and some Sendmail add-ons consists of the MTA trying to send mail to that address up through the RCPT step, and treating the address as invalid if there is a failure in that attempt. That sounds like a good idea, but in practice it is the source of a lot of failures, and in a broader sensde it can't scale: it means that verifying machines end up checking every address forged as a sender of every message, and that would clobber small sites unpredictably with unmanageable levels of verification attempts.

To figure out why this verification failed, you need to consult the logs on sam.accurateimage.org to nail down exactly what it is doing to verify the sender. One part of a solution should be to turn off that verification.

Also:


Received: from [192.168.0.10] (HELO localhost.localdomain) by

That indicates that the machine at 192.168.0.10 is misconfigured. The name 'localhost.localdomain' is never correct. It implies that the machine has not been given a proper name, and whatever is playing the role of SMTP client here is using a default and bogus name to identify itself.


accurateimage.org (Stalker SMTP Server 1.8b8) with ESMTP id S.0000530368 for <bob@accurateimage.org>; Tue, 12 Sep 2006 05:31:09 -0500
Date: Tue, 12 Sep 2006 05:30:39 -0500
Subject: ChronoSync Notification
Message-ID: <f8c52983bd0c982e65da208125c1bbc3@studio-imac.local>
MIME-Version: 1.0 (Generated by Pantomime 1.1.2)
From: Bob Smith <bob@accurateimage.org>
To: bob@accurateimage.org
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="MACINTOSH"; format="flowed"






--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster