This file lists the errors issued by SAUCE and what they mean. Note
that this manual is still very sketchy, and in many cases only
Internet mail and/or DNS experts will be able to understand it.

All messages may be followed by
  [ANGER_LEVEL]
This will appear if the sending of the response was delayed due to
anger, for all major errors, and always in the greeting.

Anger levels:
  Furious   - so angry that further anger won't incur any longer
              delays to messages
  Angry     - angry enough that even success responses are delayed
  Irritated - only error responses are delayed
  Pleased   - no delays to any messages (anger is zero or negative)
  Ecstatic  - more than halfway to the maximum pleasure level, and
              also more pleased than Furious is angry.

SMTP read errors are counted as Major.

220 $canonical_hostname sauce-smtpd ESMTP ready

221 $canonical_hostname goodbye
  Response to QUIT. Connection closes.

250 $canonical_hostname hello $ident@$remote_host (postmaster@$main_domain)
  Response to HELO. $remote_host is the hostname if it is available.
  If the calling mail domain name has not been determined the bit in
  parens is omitted. $ident is empty if no RFC1413 (`TCP remote
  username protocol') ident could be acquired.

250-$canonical_hostname hello $ident@$remote_host (postmaster@$main_domain)
250-8BITMIME
250 PIPELINING
  Response to EHLO. (Exact list of extensions will depend on the
  underlying MTA.)

250 NOOP OK

250 OK
  Response to RSET.

354 Send text
  Normal response to DATA.

504 SAUCESTATE not available.
100-
100-$state_variable $value
...
100
  Responses to SAUCESTATE (disabled by default).
  config allow_saucestate.

214-
214 QUIT HELP NOOP HELO EHLO MAIL RCPT DATA QUIT RSET VRFY
  Response to HELP.

502 Command unrecognised
  SAUCE doesn't recognise an SMTP command. This should not happen,
  since senders should use ESMTP EHLO (RFC1651) to probe for extension
  commands before trying to use them. Major.

421 $canonical_hostname Shutting down
  Never delayed, doesn't increase anger. Connection closes.

501 No parameters allowed
  Could be in response to RST, NOOP, HELP, DATA, QUIT. Major.

500 Syntax error
  Input was received that didn't look like an SMTP command verb
  followed by some parameters, where one was expected. This would
  indicate serious protocol violation problems. Major.

503 need HELO or EHLO before MAIL
503 MAIL already issued
503 HELO or EHLO already specified
  This would mean that SAUCE and the sender disagree about the state
  of the SMTP session between them, which is a bug in one or both.
  See RFC821 s3.1. Major.

501 Syntax error in parameter to MAIL
501 Syntax error in parameter to RCPT
501 Syntax error in recipient ($description)
501 Syntax error in sender ($description)
  MAIL must be followed by FROM: or by FROM:<> (and either may be
  followed by additional parameters); RCPT must be followed by TO:.
  Depending on the address this might be due to weird addresses and/or
  failure to quote properly by the sending MTA. RFC821 s3.1, s4.1.2;
  RFC1123 s5.2.9. See also address syntax errors, below. Major.

  Descriptions of address syntax errors include:
    invalid domain
    invalid source route syntax
    invalid local-part syntax

550 Domain-literal senders not allowed
  Ie, MAIL FROM:<$user@[$address]>. Major.

250 [$address] $response
  The MAIL FROM address was verified and is accepted. For example:
    << MAIL FROM:
  SAUCE looks up from.example.com using MX and A records and finds
  that a mail exchanger with address (say) 172.30.206.1 is listed.
  Then SAUCE connects to it and has the following dialogue:
    << 220 from.example.com
    >> MAIL FROM:<>
    << 250
    >> RCPT TO:
    << 250 is fine by me
  Then it issues in the original session:
    >> 250 [172.30.206.1] is fine by me

450 Unable to verify: $verification_temp_failure
550 $verification_perm_failure
  This happens in response to MAIL FROM if the address verification
  fails. See below for details of address verification error
  messages. Major.

503 MAIL FROM parameter string too long
  One of the optional (extension) parameters to MAIL FROM was too long.
  config max_smptpparams_size. Major.

252 VRFY not supported by SAUCE.
  RFC1123 5.2.3.

503 need MAIL before RCPT
503 No recipients specified
  Usually this means that a sender made use of the PIPELINING SMTP
  extension (RFC1854), but RCPT failed, so the state machine is wrong
  for the RCPT or DATA command, respectively; this error is just the
  response to the next command which was issued before the result of
  the first one was known. This will not cause these errors to appear
  in bounces. If they occur in other contexts the SMTP state machines
  in SAUCE and the sender are out of step, which is a bug in one or
  both; see RFC821 s3.1. Minor.

  Eg:
    >> 220 to.example.com
    << EHLO from.example.com
    >> 250-to.example.com
    >> 250 PIPELINING
    << MAIL FROM:
    << RCPT TO:
    << DATA
    >> 550 [172.30.206.1] 550 Unknown user bogus
    >> 503 need MAIL before RCPT
    >> 503 No recipients specified

501 Syntax error in HELO domain
  The argument to HELO or EHLO must have proper hostname syntax.
  RFC1123 s5.2.5, RFC821 s4.1.2. This commonly occurs if characters
  like underscores, which are not legal in hostnames, are used in
  configuration. Major.

504 IP literal ([$addr]) in HELO forbidden by adminstrator
  By default, SAUCE will reject HELO and/or EHLO which consists of an
  IP address instead of a domain name. config forbid_helo_ipliteral.
  Major.

504 HELO name ($name) has no address matching [$address]
504 HELO name ($name) does not map to any addresses: $dns_perm_error
504 HELO name ($name) has no address matching [$address]
450 HELO name ($name) lookup failed: $dns_temp_error
  HELO/EHLO name checking is enabled (this is not the default), but
  the name given did not map to a set of addresses which includes the
  calling host. config check_helo_name. See DNS errors, below. Major.

393 $chal
501 \x{24} \x{32} please
503 Need SAUCEADMIN on its own first
490 challenge overwritten
491 challenge timed out
495 admin secret missing#
492 incorrect response
294 yes master
  To do with the SAUCE-specific SAUCEADMIN command.
  Should not happen to real SMTP clients. Never delayed, 5xx codes
  are major, others do not induce anger.

504 Cannot find address host name via reverse DNS or HELO
  The usual algorithm for finding the caller's mail domain name (which
  will be used, for example, to send blacklist notifications), starts
  with the HELO domain name, or failing that the reverse DNS domain
  from the SMTP connection. This domain is looked up for MX records.
  If none are found then one leaf name is stripped and the lookup is
  repeated. If no domains with MX records are found before the domain
  reaches 1 component then the whole original domain name is used.

  If the HELO string is an IP address literal and the reverse DNS is
  not correct then this procedure is not possible because there is no
  starting point.

  config require_callingmaildomain_name,
  require_callingmaildomain_dnsok, require_reverse_dns. If the check
  is disabled an IP literal for the calling system is used where the
  calling mail domain is required. Major.

450 Cannot find mail domain (MX for $domain): $dns_error
  During the lookups described above, SAUCE encountered some kind of
  DNS problem. Major.

250 $bland_message
  Response to RCPT: the message is being junked due to the caller
  being blacklisted; recipients are accepted so that data is
  transferred and the maximum amount of data for the blacklists is
  acquired. config bland_message.

2xx $mta_response
  Successful Response to RCPT or message body. The underlying MTA's
  message is shown.

xxx $mta_response
  Error response to MAIL, RCPT, DATA or message body from underlying
  MTA. Major.

550 $rbl_message
  Calling site is blacklisted by RBL configuration. config rbl. Major.

550 Blacklisted sender $local@$domain
550 Blacklisted site [$address]
  Response to RCPT. Caller is blacklisted. Major.

250 You are on the whitelist
  Response to MAIL FROM. Calling site and sender address are
  whitelisted.

250 You are on the blacklist
  Response to MAIL FROM.
  Calling sender address is blacklisted; RCPTs will be rejected with
  `550 Blacklisted sender', above.

250 You were verified previously
  Response to MAIL FROM. The sender address was verified at some
  point in the past.

250 You are on the greylist
  Response to MAIL FROM. The calling site or sender address were
  first encountered recently and were OK then, but are still on
  probation.

250 Bounce is from whitelisted site
250 Ready to receive a bounce
  Responses to MAIL FROM:<>.

421 $canonical_hostname $address: reverse DNS: $dns_error
  On connection. config require_reverse_dns. Major. Connection
  closes.

421 $canonical_hostname $any_response [too many errors]
  Too many errors occurred on the same SMTP connection.
  $any_response is the error response that was about to be issued but
  which broke the camel's back. Major. Connection closes.

421 $canonical_hostname Timed out waiting for command
  Minor. Connection closes.

421 $canonical_hostname Shutting down, try later
421 $canonical_hostname Configuration error, try later
  On connection. Immediate, does not cause anger.

421 $canonical_hostname $loglevel log error: $error, try later
  SAUCE is having difficulty writing to its logfiles. On connection.
  Immediate, does not cause anger.

421 $canonical_hostname Internal error, try later
  Immediate, does not cause anger. Consult the error.log.

421 $canonical_hostname $mta_response
  Underlying MTA gave unexpected greeting, or unexpected response to
  HELO/EHLO.

421 $canonical_hostname $printwhat, try later
421 $canonical_hostname $printwhat, try later
421 Too busy ($nconns/$max_like_you $annoy_ms)
  SAUCE already has too many incoming SMTP connections.
  config conns_max. On connection. Minor. Anger level string always
  appended. $nconns is current total number of incoming connections;
  $max_like_you is the number of simultaneous connections beyond which
  it will accept no more connections from addresses with which it is
  as angry as this caller.
  $annoy_ms is its current anger with the caller in milliseconds.

  If after the extra anger added by this command SAUCE's anger level
  is capped by the annoy_grudge_max configuration parameter, SAUCE
  will firewall out new SMTP SYN packets.
  config busyfury_firewall*, firewall_command.

450 $defer_message
450 $rbl_defer_message
  Response to RCPT TO. The calling site or sender address has not
  been seen until recently, and mail is being turned away with this
  temporary failure code for a while.
  config new_site_message, new_addr_message, rbl. Minor. Anger level
  string is always shown.

554 First line of header was header field continuation
554 header line too large (>$max_header_size bytes
554 Header data malformed
554 Message-ID header appears twice
  Major, after data.

554 No Message-ID header
554 Resent- header(s), but no Resent-Message-ID
  config require_messageid. Major, after data.

554 No originators in envelope or body
  The MAIL FROM was <> and there were no actual email addresses in any
  RFC822 originator fields in the header. Major, after data.

550 address $originator: $verification_perm_failure
  One of the email addresses, $originator, in RFC822 originator fields
  (From, Sender, etc.) in the header failed to verify. See
  verification failures, below. Major, after data.

  Temporary verification failures for originators in message headers
  do not cause message rejection or deferral.

554 error in $header header: $description
  The RFC822 originator address header $header has a syntax error.
  Major, after data.

  Descriptions include:
    invalid text in comment
    missing end of quoted string
    invalid data
    invalid syntax
    invalid address

554 Blacklisted `$header'
554 Blacklisted originator address `$originator'
554 Blacklisted address `$originator' in headers
  The RFC822 originator address header $header contained a blacklisted
  address $originator (only one of these messages will be issued;
  which depends on the internal workings of SAUCE wrt which data it
  has available). Major, after data.

550 $blacklist_message
  Response to message body. Calling site is blacklisted due to this
  message. config blacklist_message. Major, after data.


Address verification errors:

A permanent verification failure for an address happens when either a
permanent DNS failure happens looking up the MX or A records for the
mail domain, or if during the verification the SMTP dialogue goes
something like this:
  << MAIL FROM:
       verification connection to from.example.com 172.30.206.1:
       << 220 from.example.com
       >> MAIL FROM:<>
       << 250
       >> RCPT TO:
       << 550 Unknown user bogus
  >> 550 [172.30.206.1] Unknown user bogus

Temporary verification errors can happen with verification SMTP
dialogues like this:
  << MAIL FROM:
       verification connection to from.example.com 172.30.206.1:
       << 220 from.example.com
       >> MAIL FROM:<>
       << 250
       >> RCPT TO:
       << 450 /home/broken-forward/.forward: syntax error
  >> 450 Unable to verify: [172.30.206.1] 450 /home/broken-forward/.forward: syntax error
or
  << MAIL FROM:
       verification connection to from.example.com 172.30.206.1:
       << 220 from.example.com
       >> MAIL FROM:<>
       << 550 I am a really crap mailer
  >> 450 Unable to verify: [172.30.206.1] MAIL FROM:<> => 550 I am a really crap mailer

Various other problems and timeouts can result in temporary
verification failures. The messages should be self-explanatory. They
can also happen due to temporary DNS failures.


DNS errors:

Note that the DNS errors reported by SAUCE are largely output from
host(1). In the future SAUCE will use adnshost instead of host, and
the messages will be quite different.

Permanent DNS errors:

$domain does not exist. (authoritative answer)
$domain has no $type record (authoritative answer)

$domain $type record currently not present
  This message is due to a bug in host(1) misinterpreting certain
  nameserver replies. It actually means that $domain has no $type
  record at all, and is treated that way.

Temporary DNS errors:

If host(1) produces any output (including stderr output) which SAUCE
doesn't explicitly understand, this is treated as a temporary failure.
Some key ones are listed here:

broken-mx.example.com MX host mail-alias.example.com is not canonical
  Corresponds to eg
    broken-mx.example.com    MX 5   mail-alias.example.com
    mail-alias.example.com   CNAME  hermes.example.com
    hermes.example.com       A      172.30.206.4

  References:

  BIND Nameserver Operations Guide:
  > 5.5.8. CNAME - Canonical Name
  >
  > ... Any resource records that include a domain name as their
  > value (e.g., NS or MX) _must_ list the canonical name, not
  > the nickname. ...

  RFC2181 `Clarifications to the DNS Specification' (still at
  Proposed Standard):
  > 10.3. MX and NS records
  >
  > The domain name used as the value of a NS resource record, or part of
  > the value of a MX resource record must not be an alias.

broken-mx.example.com MX host forgotten.example.com does not exist
broken-mx.example.com MX host forgotten.example.com has no A record
Nameserver not responding
broken-mx.example.com MX record not found, try again
broken-mx.example.com MX record not found, server failure
  These should be obvious (server failure generally refers to the
  remote nameserver).

Reverse DNS lookups can produce error messages of the form:
  $address -> $host1 -> $problem1;... -> $host2 -> $problem2;...
where $host1 etc. are the hostnames suggested by PTR records, and
$problem1 etc. are the problems with them. Typical problems are any
DNS failure, and also:
  $different_address_a, $different_address_b, ...
if none of the host's addresses match the original address. Eg, a
typical error might look something like
  172.30.206.1 -> broken-reverse.example.com -> 172.30.206.2, 172.30.206.3
which means that 172.30.206.1 has a PTR pointing to
broken-reverse.example.com, which in turn has only the addresses
172.30.206.2 and 172.30.206.3.


This file is part of SAUCE, a very picky anti-spam receiver-SMTP.
SAUCE is Copyright (C) 1997-2003 Ian Jackson

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA.

$Id: ERRORS.text,v 1.3 2003/06/15 15:46:40 ian Exp $
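
Added example (not SAUCE's own code): the calling-mail-domain search
described under `504 Cannot find address host name via reverse DNS or
HELO', written out in Python. The MX table, the function names, and
the reading that an IP-literal HELO falls back to the reverse DNS name
are assumptions made for this illustration.

```python
# Added illustration of the calling-mail-domain search; not SAUCE's code.
# SAMPLE_MX is constructed data standing in for real MX lookups. A real
# resolver must also report temporary failures, which SAUCE answers with
# "450 Cannot find mail domain (MX for $domain): $dns_error".
SAMPLE_MX = {"example.com", "example.org"}


def has_mx(domain):
    """Hypothetical resolver stub: True if `domain` has MX records."""
    return domain in SAMPLE_MX


def is_ip_literal(helo):
    """HELO arguments such as [172.30.206.1] are address literals."""
    return helo.startswith("[") and helo.endswith("]")


def candidates(start):
    """Yield start, then start with one leaf label stripped at a time,
    stopping before the name is down to a single component."""
    labels = start.rstrip(".").lower().split(".")
    while len(labels) > 1:
        yield ".".join(labels)
        labels = labels[1:]


def calling_mail_domain(helo, reverse_name, mx_lookup=has_mx):
    """Return the caller's mail domain, or None if there is no starting
    point (the case answered with the 504 response).

    helo         -- HELO/EHLO argument, or None
    reverse_name -- hostname from a confirmed reverse lookup, else None
    """
    # Assumption: an IP-literal HELO counts as "no HELO domain name".
    if helo and not is_ip_literal(helo):
        start = helo
    elif reverse_name:
        start = reverse_name
    else:
        return None
    for domain in candidates(start):
        if mx_lookup(domain):
            return domain
    # No MX anywhere on the way up: use the whole original name.
    return start.rstrip(".").lower()
```

Passing a different mx_lookup callable lets the same walk be checked
against a real resolver or a larger constructed table.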