Diagnostic-Code: SMTP; 571 Denied by policy
August 2008
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
About
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Ya estan aquiiii....(08/19 19:39)
bogofilter and the importance of HAM(08/18 19:48)
From scripting to object-oriented Python programming(08/14 14:27)
upgrading django applications to recent revisions(08/14 13:52)
First Codigo23 sprint(08/13 14:39)
FreeBSD, OpenLDAP and the boot process(08/12 14:27)
I'll be at the djangocon(08/01 11:00)
My second MRI(08/01 10:41)
xkcd: linux, a true story(07/30 11:32)
Debugging your webapp, the funny way(07/10 18:37)
Recent Comments
Re: Aprender Python(foz : 08/20 00:03)
Re: bogofilter and the importance of HAM(Wu : 08/19 14:08)
Re: bogofilter and the importance of HAM(Juanjo : 08/18 19:52)
Re: From scripting to object-oriented Python programming(r0sk : 08/14 17:13)
Re: First Codigo23 sprint(r0sk : 08/13 22:54)
Re: I'll be at the djangocon(Wu : 08/11 16:21)
Will try(Milan Andric : 08/09 04:42)
Re: Problem with ssl in Python 2.5(Wu : 08/06 01:45)
Re: I'll be at the djangocon(Wu : 08/06 01:43)
Re: I'll be at the djangocon(pAvL0 : 08/05 19:59)
Other Weblogs

Greece: Residence permit for european citizens
2008-08-21 Graffic

My deepest condolences to Madrid
2008-08-21 Graffic

Breezy Hill
2008-08-20 betabug

Modo psíquico de Pidgin
2008-08-20 blackshell

¿Quién envía correos con mail() de PHP?
2008-08-19 blackshell

Unplugged
2008-08-18 emereci

Work in an empty city
2008-08-18 betabug

Brother printer and GNU (aka Linux)
2008-08-17 The Best of Marc García

Full moon + eclipse at the Parthenon.
2008-08-17 Graffic

SSH: Tarda mucho en conectar
2008-08-14 userlinux

¡ hacedme sitio domingueros !
2008-08-14 propiedadprivada.com

Apapacho's time
2008-08-13 emereci

Test Post
2008-08-13 BSDCow

No title provided
2008-08-13 emereci

StdImage updated to trunk
2008-08-13 The Best of Marc García

Google Insights para Búsquedas
2008-08-12 propiedadprivada.com

Eclipse: instalando PDT
2008-08-12 userlinux

Género de la palabra wiki
2008-08-11 userlinux

La blogosfera valenciana y la cadena SER
2008-08-09 blackshell

Alzamiento y caida de… Twitter
2008-08-09 propiedadprivada.com

Cuil? WTF!
2008-08-08 The Best of Marc García

Sweet Tourist Life
2008-08-07 betabug

BSD in Paris
2008-08-04 BSDCow

Netboot installing Ubuntu on a SunFire X2200
2008-06-02 Tomster

Eco-friendly danger sign
2008-05-26 BSDCow

blueprint css + jquery
2008-04-26 Tomster

Connecting Plone to Mac OS X Server with LDAP
2008-04-18 Tomster

Recent Trackbacks
Aprender Python en Lugo(10/27 19:09)
Categories
OpenBSD (7 items)
BSD (0 items)
FreeBSD (4 items)
Linux (0 items)
Security (3 items)
Python (7 items)
Zope (8 items)
Daily (36 items)
e-shell (3 items)
Hacks (4 items)
PostgreSQL (1 items)
OSX (6 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (1 items)
Nintendo Wii (0 items)
Django (4 items)
Music (5 items)
Archives
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007

Syndicate this site (XML)

RSS/RDF 0.91

09 mayo
2008

Diagnostic-Code: SMTP; 571 Denied by policy

WTF is that??
[Daily] 

I've found that message this morning. reported by a user from one of the mail servers I manage. Two of those mail servers are almost identical, same Operating System (FreeBSD), same configuration (Sendmail + Cyrus + SASL + OpenLDAP). Each server is located in a completely different ip range and a user from one of the servers, let's call it ServerP reported a returning mail error like:

From: Mail Delivery Subsystem <MAILER-DAEMON@ServerP>
To: <user@ServerP_domain.com>
Subject: Returned mail: see transcript for details
Date: Fri, 9 May 2008 13:41:16 +0200 (CEST)

The original message was received at Fri, 9 May 2008 13:41:12 +0200 (CEST)
from whatever.whatever.com [213.60.82.227]

   ----- The following addresses had permanent fatal errors -----
  <destination_user@ISM.seg-social.es>
  (reason: 571 Denied by policy )

  ----- Transcript of session follows -----
  ... while talking to smtp.seg-social.es.:
  >>> MAIL From:<user@ServerP_domain.com> SIZE=850
  <<< 571 Denied by policy
  554 5.0.0 Service unavailable


[message/delivery-status (320B)]
Reporting-MTA: dns; dns.ServerP_domain.com
Received-From-MTA: DNS; whatever.whatever.com
Arrival-Date: Fri, 9 May 2008 13:41:12 +0200 (CEST)

Final-Recipient: RFC822; destination_user@ISM.seg-social.es
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 571 Denied by policy
Last-Attempt-Date: Fri, 9 May 2008 13:41:16 +0200 (CEST)

(of course, I've replaced real data with dummy information, but the destination server is smtp.seg-social.es for real)

At first I thought it could be a destintation server problem (or that's what 554 5.0.0 Service unavailable means to me), but then I tried to send an email to the same destination address from the other server, let's call it ServerC, and that one got through, reaching the destination address mailbox.

Well, that pointed me back to the message:

571 Denied by policy

Denied by policy, what could that mean? it seems like some kind of local, server-side filtering for me, but I'm not sure. Could it be that the ip address of ServerP is in some kind of local blacklist?, don't know really.

Searching through Google, the only releveant information pointed me to a windows 2003 mail server with a bad DNS configuration, but hey, that smtp.seg-social.es is the mail server for a spanish government institution... it couldn't be that the server is so badly configured...

Any ideas? Someone suffered that problem before?

Posted by wu at 15:35 | Comments (6) | Trackbacks (0)
<< django hacks: accesing a model.field verbose_name... | Main | New server connection >>
Comments
Re: Diagnostic-Code: SMTP; 571 Denied by policy

Check this:

http://www.spamhaus.org/pbl/query/PBL186941

Assuming that 213.60.82.227 it's the IP of your server, of course :)

Posted by: Juanjo at mayo 09,2008 20:04
Re: Diagnostic-Code: SMTP; 571 Denied by policy

No it's not. That's the ip address used to connect to my own server (both tries, with ServerP and ServerC), that is, the ip address of the workstation where the MUA that sent the e-mail was running.

And yes, that ip address is within R (mundo-r.com, the galician cable provider) ip address range, which is in every blacklist you could find ;).

Posted by: Wu at mayo 09,2008 21:07
Re: Diagnostic-Code: SMTP; 571 Denied by policy

did you solve the problem? I'm with the very same "571 Denied by policy".

Posted by: sergi at julio 16,2008 14:21
Re: Diagnostic-Code: SMTP; 571 Denied by policy

Obviously I'm also talking about smtp.seg-social.es
Oh, and I'm using a redhat and a sendmail

Posted by: sergi at julio 16,2008 14:23
Re: Diagnostic-Code: SMTP; 571 Denied by policy

I didn't watch the report enough...it seems it just wants the mail to be send from the same IP that the dns reports the mx is...lame, too lame and sad, and it's an official institution.

Posted by: sergi at julio 16,2008 15:00
Re: Diagnostic-Code: SMTP; 571 Denied by policy

Hi sergi.

In my case the problem solved itself without me doing anything (so I don't know really what happened).

Anyway, in my case the email messages were sent from the same ip address as the MX record for my domain, so that was not the problem at all.

The solution (IMHO) is to contact the technical stuff in the institution and notify them about the issue, mostly because it could be a misconfiguration problem or something like that, and they probably do not have any idea it is happening.

(good luck)

Posted by: Wu at julio 16,2008 16:54
Trackbacks
Please send trackback to:http://blog.e-shell.org/67/tbping
There are no trackbacks.
Post a comment