For testing purposes I was sending a mail with an EICAR antivirus test file from my @gentoo.org address to my private mail.

This made me note something that I believe is a configuration bug in the gentoo SMTP server configuration:
The mails get rejected by the receiving mail server with a permanent error ("554 Virus found - Signature is Win.Test.EICAR_HDB-1"). However the mails are still in the queue and the gentoo.org SMTP tries to resend them every few minutes.

Based on the SMTP standards error codes starting with 5 (5xx) should all be treated as permanent errors. Resends should only happen on 4xx errors, on 5xx errors the right behaviour would be to immediately cause an error mail for the sender.
(In reply to Hanno Böck from comment #0)
> For testing purposes I was sending a mail with an EICAR antivirus test file
> from my @gentoo.org address to my private mail.
>
> This made me note something that I believe is a configuration bug in the
> gentoo SMTP server configuration:
> The mails get rejected by the receiving mail server with a permanent error
> ("554 Virus found - Signature is Win.Test.EICAR_HDB-1"). However the mails
> are still in the queue and the gentoo.org SMTP tries to resend them every
> few minutes.
>
> Based on the SMTP standards error codes starting with 5 (5xx) should all be
> treated as permanent errors. Resends should only happen on 4xx errors, on
> 5xx errors the right behaviour would be to immediately cause an error mail
> for the sender.

Do you have the message ID?

-A
981E534338F and C3E183433F7, both currently still in the queue.
(In reply to Hanno Böck from comment #2)
> 981E534338F and C3E183433F7, both currently still in the queue.

They are in the queue because the queue thinks they were greylisted.

Jan 31 09:09:52 woodpecker postfix/smtp[22498]: 981E534338F: host REDACTED said: 451 4.7.1 Greylisting in action, please come back in 00:04:00 (in reply to end of DATA command)

Now it's in state:

Jan 31 09:09:55 woodpecker postfix/smtp[22498]: 981E534338F: to=REDACTED, delay=7.9, delays=1.7/0/5.6/0.56, dsn=4.3.0, status=deferred (bounce or trace service failure)

Maybe we are confused because you greylisted us, then we came back and you are telling us to get bent, but we expected to get bent at the initial smtp session...so now it's gonna retry and eventually bounce.

Note that we don't have great logs of the redelivery attempts (the second state log I've provided is the log of the redelivery attempt) so e.g. if the redeliveries are getting a 5XX perm error...there is no log of that on our side.

-A
Yeah I believe that matches what I'm observing.

So it seems the way the Gentoo SMTP behaves is this: If it gets a temporary error (4xx) first then it'll consider the mail to be a temporary failure, no matter what other errors it gets later.

However I believe this is not correct. If it first gets a temporary error and then a permanent error this should indicate that it shouldn't try to deliver again.
(In reply to Hanno Böck from comment #4)
> Yeah I believe that matches what I'm observing.
>
> So it seems the way the Gentoo SMTP behaves is this: If it gets a temporary
> error (4xx) first then it'll consider the mail to be a temporary failure, no
> matter what other errors it gets later.
>
> However I believe this is not correct. If it first gets a temporary error
> and then a permanent error this should indicate that it shouldn't try to
> deliver again.

Yeah the real question is bug in our config, or bug in postfix, or expected behavior, and how do we tell the difference.

<hanno@schokokeks.org>: bounce or trace service failure
recipient=hanno@schokokeks.org
offset=798
dsn_orig_rcpt=rfc822;hanno@schokokeks.org
status=4.3.0
action=delayed
diag_type=smtp
diag_text=554 Virus found - Signature is Win.Test.EICAR_HDB-1
mta_type=dns
mta_mname=zucker.schokokeks.org
reason=bounce or trace service failure

So interestingly in the qmgr daemon state file we see status=4.3.0 (so temp defer.) But in the diag_text we see the 554 virus found! Bug in postfix? It seems like it should be updating the status?

-A
We are running 3.6.3 fwiw. -A
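
Added example (not part of the thread and not Postfix code): a small checker for the mismatch discussed above, where a record carries a 4.x.x status while its diag_text holds a 5xx remote reply. The field names come from the record quoted in the thread, PAGE_RECORD is an excerpt of it, and GREYLIST_RECORD and the result labels are constructed for illustration.

```python
import re
# Excerpt of the defer record quoted in the thread (line numbers stripped).
PAGE_RECORD = """\
<hanno@schokokeks.org>: bounce or trace service failure
recipient=hanno@schokokeks.org
status=4.3.0
action=delayed
diag_type=smtp
diag_text=554 Virus found - Signature is Win.Test.EICAR_HDB-1
reason=bounce or trace service failure
"""
# Constructed record: a deferral whose remote reply really is temporary.
GREYLIST_RECORD = """\
recipient=user@example.org
status=4.7.1
diag_type=smtp
diag_text=451 4.7.1 Greylisting in action, please come back in 00:04:00
"""

def parse_record(text):
    """Collect the key=value lines of one record; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and re.fullmatch(r"[a-z_]+", key):
            fields[key] = value
    return fields

def reply_class(fields):
    """First digit of the remote SMTP reply code in diag_text, else None."""
    if fields.get("diag_type") != "smtp":
        return None
    m = re.match(r"([2-5])\d\d(?:[ -]|$)", fields.get("diag_text", ""))
    return int(m.group(1)) if m else None

def dsn_class(fields):
    """Class digit of the enhanced status code (2, 4 or 5), else None."""
    m = re.fullmatch(r"([245])\.\d{1,3}\.\d{1,3}", fields.get("status", ""))
    return int(m.group(1)) if m else None

def check(text):
    """Compare what the remote server said with the state the queue recorded."""
    fields = parse_record(text)
    remote, local = reply_class(fields), dsn_class(fields)
    if remote is None or local is None:
        return "unknown"
    if remote == 5 and local == 4:
        return "permanent-reply-deferred"  # 5xx reply, yet still queued for retry
    return "consistent" if remote == local else "mismatch"
```
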