1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • reject=553 5.3.0 127.0.0.2 due to unreachable DNS resolver

    From Marco Moock@21:1/5 to All on Sat Feb 1 15:54:26 2025
    Hello!

    I had a situation where my DNS resolver was unreachable for my machine.

    root@pi-dach:~# grep FEATU /etc/mail/sendmail.mc
    FEATURE(`no_default_msa')dnl
    FEATURE(`require_rdns')dnl
    FEATURE(`use_cw_file')dnl
    FEATURE(`access_db', , `skip')dnl
    FEATURE(dnsbl,`dnsbl-1.uceprotect.net')dnl
    FEATURE(enhdnsbl,`zen.spamhaus.org', `"554 Connecting client IP address listed in Spamhaus. See https://check.spamhaus.org"', `127.0.0.2', `127.0.0.3', `127.0.0.4', `127.0.0.9', `127.0.0.10', `127.0.0.11')dnl
    FEATURE(dnsbl,`all.bl.blocklist.de')dnl
    FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
    FEATURE(enhdnsbl,`dnsbl-2.uceprotect.net', `"454 4.7.1 Listed in uceprotect Level 2')dnl
    FEATURE(enhdnsbl,`dnsbl-0.uceprotect.net', `"454 4.7.1 Listed in uceprotect Level 0')dnl
    FEATURE(enhdnsbl,`dnsbl-3.uceprotect.net', `"454 4.7.1 Listed in
    uceprotect Level 3')dnl

    Jan 31 23:37:37 pi-dach sm-mta[1034127]: ruleset=check_relay, arg1=[157.230.63.40], arg2=157.230.63.40, relay=[157.230.63.40],
    reject=553 5.3.0 127.0.0.2

    The remote machine gave

    <uk-legal-moderated@moderators.isc.org>: host pi-dach.dorfdsl.de[82.139.252.17]
    said: 553 5.3.0 127.0.0.2 (in reply to MAIL FROM command)

    If that is related to a non-resolvable domain (DNS timeout), what is the
    reason for this strange error message?

    The dnsbl features give back different messages.

    --
    kind regards
    Marco

    Send spam to 1738420972muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sat Feb 1 11:41:48 2025
    On 2/1/25 08:54, Marco Moock wrote:
    Hello!

    Hi

    I had a situation where my DNS resolver was unreachable for my machine.

    I would expect your logs to indicate /temporary/ failures in the case
    when a normally reachable / usable DNS server was unreachable / unusable.

    Jan 31 23:37:37 pi-dach sm-mta[1034127]: ruleset=check_relay, arg1=[157.230.63.40], arg2=157.230.63.40, relay=[157.230.63.40],
    reject=553 5.3.0 127.0.0.2

    The "553 5.3.0" indicates a permanent error, not a temporary error that
    I'd expect.

    The remote machine gave

    <uk-legal-moderated@moderators.isc.org>: host pi-dach.dorfdsl.de[82.139.252.17]
    said: 553 5.3.0 127.0.0.2 (in reply to MAIL FROM command)

    That sounds like your system was trying to send an email and the remote
    system refused to accept it.

    If that is related to a non-resolvable domain (DNS timeout), what is the reason for this strange error message?

    The dnsbl features give back different messages.

    Please clarify:

    - which system the logs are from
    - which system was the sending server
    - which system was the receiving server / generated the "553 5.3.0"
    rejection



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sat Feb 1 19:40:31 2025
    On 01.02.2025 11:41 Uhr Grant Taylor wrote:

    On 2/1/25 08:54, Marco Moock wrote:

    I had a situation where my DNS resolver was unreachable for my
    machine.

    I would expect your logs to indicate /temporary/ failures in the case
    when a normally reachable / usable DNS server was unreachable /
    unusable.

    There are no such messages.

    Jan 31 23:37:37 pi-dach sm-mta[1034127]: ruleset=check_relay, arg1=[157.230.63.40], arg2=157.230.63.40, relay=[157.230.63.40],
    reject=553 5.3.0 127.0.0.2

    This is from my system.

    The "553 5.3.0" indicates a permanent error, not a temporary error
    that I'd expect.

    The remote machine gave

    <uk-legal-moderated@moderators.isc.org>: host pi-dach.dorfdsl.de[82.139.252.17] said: 553 5.3.0 127.0.0.2 (in
    reply to MAIL FROM command)

    This is from the logs of the remote.

    That sounds like your system was trying to send an email and the
    remote system refused to accept it.

    No, my system rejected the mail from the remote. The postmaster of the
    remote contacted me and gave me the bounce.

    --
    kind regards
    Marco

    Send spam to 1738406508muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sat Feb 1 18:45:45 2025
    On 2/1/25 12:40, Marco Moock wrote:
    There are no such messages.

    Okay.

    This is from my system.

    ACK

    This is from the logs of the remote.

    ACK

    No, my system rejected the mail from the remote. The postmaster of
    the remote contacted me and gave me the bounce.

    With the clarifying details in mind, I re-read your original message and
    it looks as if 157.230.63.40 is listed in dnsbl-3.uceprotect.net. Maybe
    that's part of the problem.

    % dig 40.63.230.157.dnsbl-3.uceprotect.net
    40.63.230.157.dnsbl-3.uceprotect.net. 1999 IN A 127.0.0.2



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sun Feb 2 09:48:03 2025
    On 01.02.2025 18:45 Uhr Grant Taylor wrote:

    With the clarifying details in mind, I re-read your original message
    and it looks as if 157.230.63.40 is listed in dnsbl-3.uceprotect.net.
    Maybe that's part of the problem.

    % dig 40.63.230.157.dnsbl-3.uceprotect.net
    40.63.230.157.dnsbl-3.uceprotect.net. 1999 IN A 127.0.0.2

    True, but that should be rejected with another error message according
    to my config and that is the case when DNS works normally. If it
    doesn't, it gave me this strange error.

    --
    kind regards
    Marco

    Send spam to 1738431945muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sun Feb 2 10:39:23 2025
    On 2/2/25 02:48, Marco Moock wrote:
    True, but that should be rejected with another error message according
    to my config and that is the case when DNS works normally. If it
    doesn't, it gave me this strange error.

    I'm don't use `dnsbl' nor `enhdnsbl' so I'm not up on the particulars.
    But my read of the FEATUREs in the cf/README file made me think that the
    `454 4.7.1 Listed in ...' messages you have are for when the DNS lookup
    fails (including all retries).

    But, I may be mis-interpreting the cf/README documentation.



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sun Feb 2 21:11:53 2025
    On 02.02.2025 10:39 Uhr Grant Taylor wrote:

    I'm don't use `dnsbl' nor `enhdnsbl' so I'm not up on the
    particulars. But my read of the FEATUREs in the cf/README file made
    me think that the `454 4.7.1 Listed in ...' messages you have are for
    when the DNS lookup fails (including all retries).

    That error is fine, but in my case it was 553 and I would like to
    understand what caused that.

    --
    kind regards
    Marco

    Send spam to 1738489163muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Marco Moock on Sun Feb 2 16:42:16 2025
    On 2/2/25 14:11, Marco Moock wrote:
    That error is fine, but in my case it was 553 and I would like to
    understand what caused that.

    I'll try saying it another way, my -- limited -- understanding is that
    the `454 4.7.1 Listed in ...' error is only sent when there DNS timeout
    / failures (multiple times).

    I think that Sendmail will return a different (error) message when it successfully looks up the IP address and finds it listed in the
    (ENH)DNSBL. I think it's entirely possible that the 553 was because the client's IP was listed in the (EHN)DNSBL. The 553 even included the IP
    address from the listing.

    But, as said before, I don't use (ENH)DNSBL and don't have any first
    hand experience with it.



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Marco Moock on Mon Feb 3 02:07:06 2025
    Marco Moock wrote:

    FEATURE(enhdnsbl,`zen.spamhaus.org', `"554 Connecting client IP address listed in Spamhaus. See https://check.spamhaus.org"', `127.0.0.2', `127.0.0.3', `127.0.0.4', `127.0.0.9', `127.0.0.10', `127.0.0.11')dnl

    reject=553 5.3.0 127.0.0.2
    ^^^^^^^^^

    This should tell you that your use of enhdnsbl is probably wrong.
    Please see cf/README for the arguments.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Mon Feb 3 20:28:58 2025
    On 02.02.2025 16:42 Uhr Grant Taylor wrote:

    I'll try saying it another way, my -- limited -- understanding is
    that the `454 4.7.1 Listed in ...' error is only sent when there DNS
    timeout / failures (multiple times).

    No, that was send when the lookup was successful. I used it wrong as I
    had too many arguments (it can filter for the lookup results and there
    were too many according to the doc).

    --
    kind regards
    Marco

    Send spam to 1738510936muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)