"550 Denied due to spam list" is a little harsh

[abnormaliti]

A reply of "550 Denied due to spam list" should be change to something a little more helpful when an attempt to deliver email to an incorrect address occurs.

"550 Unknown recipient" or "550 Unknown user" would be more appropriate.

The 550 response would have the same affect on spamming mail servers and a better text reply would help legitimate senders who can't type or have for whatever reason entered a wrong address realise their error and resend instead of call the IT Help Desk.

An admin configurable reply would be even better.

[vorlon2261]

To be perfectly honest, I prefer that its nasty to people who don't behave. ;-) I view it in similar terms to what happens when you get your username or password wrong in most authentication systems. You don't tell the user what they did wrong, you also don't tell them what they did right. This, being an authentication system, should not give out useful information in the event that some twit didn't set up their mail client right and didn't enable SMTP authentication.

Personally, I'd be happy with a "550 Bugger off, you shouldn't be here" or similar message. Otherwise you admit to a potential hacker that there is an authentication system to be broken here. If the error messages don't give away the ability to authenticate, this will lead some attackers (though not all) to believe there is no authentication...

As for your issue with holding users hands, surely you have documented your sites configuration process in enough detail that users can refer to that when setting it all up - along with common troubleshooting issues?

(Says me, who still has to finish writing his own documentation on this very topic... ;-)

[florian]

Well, the exact wording has to do a little bit with how Scalix works.

The Scalix SMTP relay has no concept of a domain; therefore, for every incoming address, it checks if the address is known in the SYSTEM directory. If yes, the message is accepted and gets delivered. If no, the message is handed over to sendmail for further processing. This Handover is seen as relaying; as relaying is forbidden by default, the 550 response is appropriate.

If you want all email to a certain domain to be forwarded to sendmail, you need to add a line reading

Code: Select all

RELAY accept domain.com

to your /var/opt/scalix/sys/smtpd.cfg file and restart the SMTP relay.

The mail will then be handed over to sendmail. If you then also add your domain to /etc/mail/local-host-names, sendmail will accept the mail as local, not try to forward it, and if the user is also unknwon at the unix side of things (after processing of aliases, etc.), a correct response (such as User Unknown) will be returned to the sender.

Hope this helps,
Florian.

P.S. Per se, I agree - as most undeliverable mail is nowadays probably really caused by spammers, answers can rarely be too harsh.