2

I run a couple of email relay hosts at work. A number of customers use ProofPoint as email washers, so their MX record in DNS is something like mxa-002d7b01.gslb.pphosted.com which washes the mail and forwards good ones onward.

Recently, proofpoint blacklisted the IP address of one of my relays. Sendmail logs showed this.

Jul 31 11:15:27 smtp1 sendmail[600]: x6VZBFRHN0:
to=<destination@domainname.com>, 
relay=mxa-002d7b01.gslb.pphosted.com. [148.163.155.188],
dsn=5.0.0, stat=Service unavailable

The sender address is a noreply@mydomain.com and is configured as a DISCARD in /etc/mail/access so we ended up dumping a lot of customer emails.

QUESTION: is it possible to configure sendmail to treat 500 "fatal" errors as 400 "transient" errors, and requeue the emails rather than bouncing them back to the sender ?

Details:

Queues will grow, that's totally acceptable. I don't have a way to regenerate those lost emails.

We're sending machine-generated emails, so they all look similar but not the same. Messages are not spam. Our end users pay for a larger service and these alerts are part of that service.

I don't know why proofpoint blocked that IP address, seems they don't know either. Yes I ended up routing email via another relay, and proofpoint accepted those messages, but that's a workaround, not a solution and could go wrong again.

Criggie
  • 2,379
  • 14
  • 25
  • It is wrong, "spammer like" way to fix it. Ham senders should keep copies and manage bounce messages. – AnFi Aug 10 '19 at 00:59
  • @AnFi yes I see your point, but I'm working around what Proofpoint is doing wrong. I don't have authority or power to re-engineer what my employer does with their emails. In terms of scale, this was 50k emails that were permanently rejected when they should have been temporarily-rejected. – Criggie Aug 10 '19 at 01:12
  • 1
    AFAIK It would require changes in sendmail's source code. – AnFi Aug 10 '19 at 03:16
  • I'm not stuck to sendmail - is this functionality available in any MTA ? – Criggie Aug 10 '19 at 05:18
  • Can you identify the potential troublemakers (destination domains)? How many messages per peak hour do you send to such domains? Maybe SIMPLE custom delivery agent MAY fix the problem. – AnFi Aug 11 '19 at 07:50
  • 1
    Doing this could cause other sites to mark you as a spammer, because you keep retrying rejected emails. – Barmar Aug 13 '19 at 17:17
  • @Barmar yes that would be bad for all destinations, I was intending to apply it to only domains hosted by Proofpoint. They've already broken the rules by permanently rejecting valid emails. – Criggie Aug 13 '19 at 20:37

0 Answers0