Difference between revisions of "Error text MTA options"

From Messaging Server Technical Reference Wiki
Jump to: navigation, search
m (Bulk update)
m (Bulk update)
 
Line 330: Line 330:
 
| |        5.7.1     
 
| |        5.7.1     
 
| |        SRS/MUL address has timed out     
 
| |        SRS/MUL address has timed out     
| |        Error text returned when the MTA attempts to decode an        [[addresssrs, noaddresssrs, destinationsrs, nodestinationsrs, sourcesrs, nosourcesrs Channel Options#addresssrs|SRS/MUL encoded address]]        whose [[srs_domain, srs_maxage, srs_secrets MTA Options #srs_maxage|timestamp has expired]].     
+
| |        Error text returned when the MTA attempts to decode an        [[addresssrs, noaddresssrs, destinationsrs, nodestinationsrs, sourcesrs, nosourcesrs Channel Options#addresssrs|SRS/MUL encoded address]]        whose [[srs_domain, srs_hash_algorithm, srs_maxage, srs_secrets MTA Options #srs_maxage|timestamp has expired]].     
 
|- style="background:blanchedalmond"
 
|- style="background:blanchedalmond"
 
| | <span id='error_text_srs_badhash'></span><tt>error_text_srs_badhash</tt>
 
| | <span id='error_text_srs_badhash'></span><tt>error_text_srs_badhash</tt>
Line 336: Line 336:
 
| |        5.7.1     
 
| |        5.7.1     
 
| |        SRS/MUL address has a bad hash value     
 
| |        SRS/MUL address has a bad hash value     
| |        Error text returned when the MTA&#x27;s attempt to decode an        [[addresssrs, noaddresssrs, destinationsrs, nodestinationsrs, sourcesrs, nosourcesrs Channel Options#addresssrs|SRS/MUL encoded address]]      finds an [[srs_domain, srs_maxage, srs_secrets MTA Options #srs_secrets|invalid hash value]].     
+
| |        Error text returned when the MTA&#x27;s attempt to decode an        [[addresssrs, noaddresssrs, destinationsrs, nodestinationsrs, sourcesrs, nosourcesrs Channel Options#addresssrs|SRS/MUL encoded address]]      finds an [[srs_domain, srs_hash_algorithm, srs_maxage, srs_secrets MTA Options #srs_secrets|invalid hash value]].     
 
|- style="background:blanchedalmond"
 
|- style="background:blanchedalmond"
 
| | <span id='error_text_spf_temperror_4'></span><tt>error_text_spf_temperror_4</tt>
 
| | <span id='error_text_spf_temperror_4'></span><tt>error_text_spf_temperror_4</tt>

Latest revision as of 16:12, 13 February 2020



The error_text_* options specify error text describing various error conditions; see the Table of error_text_* MTA options for details. Not all of the error responses potentially emitted by the MTA are configurable. In general, only error conditions that can be considered more or less local, or more or less proprietary to the MTA, such as invalid address conditions, user status problems such as a user being disabled or over-quota, attempts to exceed local message size limits, Sieve filter syntax errors, etc., are configurable. As a rule of thumb, error conditions that arise solely in the case of a message addressed to a "local" user have configurable error text, on the presumption that customized explanations may be useful and are likely to be comprehensible to someone who corresponds with a "local" user.

However, error conditions that are more fundamental to the SMTP protocol, that more naturally arise when the MTA is performing a function of pure SMTP relaying, generally do not have configurable error text; in such cases where an error response may well be going back to some remote user who has no connection (not even as a correspondent) with "local" users, the MTA always emits its own standard, technically precise, error response.

Keep in mind that all the error_text_* error text may potentially be emitted as SMTP error response text. Thus the values of all these options must conform to the requirements of SMTP error response text. In particular, they are constrained to be in the US-ASCII character set: the MTA will convert any eight bit characters in such option values into the dollar character, $. Also, SMTP responses are limited by the SMTP line length limit (998 characters, not including the final CRLF, and not including the leading numeric error code and extended error code).

error_text_* MTA options
Option SMTP code Extended code Default string used when option is not set Meaning and notes
error_text_unknown_host 550 or 450* 5.1.2 unknown host or domain Specifies the error text issued when, for instance, the domain in an address does not rewrite to any channel. (In particular, prior to Messaging Server 7.0.5, assuming that no "catch-all" or "." rewrite rule had been specified, an attempt to submit a message addressed to a top-level Internet domain not specified in the internet.rules file would result in this error. As of Messaging Server 7.0.5, the internet.rules file was modified to consist of solely a "." rule which consults the set of top level domain names from the tlds.txt file -- so in Messaging Server 7.0.5 or later, an out-of-date tlds.txt file or an attempt to submit a message to a top-level Internet domain not specified in the tlds.txt file will result in this error.)
error_text_unknown_user 550 or 450* 5.1.1 unknown or illegal user This error will be returned in cases such as illegal characters (or no characters) in a uid found during an alias_urlN lookup, or for users set to "native" (UNIX mailbox) delivery who do not have a UNIX account.
error_text_unknown_alias 550 or 450* 5.1.1 unknown or illegal alias This error will be returned if an address that matches (rewrites to) a channel marked with the viaaliasrequired channel option is not found as an alias. In particular, this is normally the error that will be returned in the case of non-existent "user" addresses in a domain hosted on a Messaging Server system, unless a domain is configured with special handling for "non-existent user" addresses such as a "catch-all" address or a mailRoutingSmartHost.
error_text_access_failure 550 5.7.1 you are not allowed to use this address This error text is not normally used unless the access_errors MTA option has been set. In that case, this error will be returned when an address cannot be submitted due to a group identifier on the destination channel, or due to *_ACCESS mapping table rejections.
error_text_alias_locked 452 4.2.0 list is currently reserved and locked This error is returned if an attempt to look up an alias in the alias file finds the alias file locked, or if an attempt to access a list file (such as an [AUTH_LIST] file) finds the list file locked.
error_text_alias_auth 530 or 550++ 5.7.1 you are not allowed to use this list This error is returned when, for instance, a list posting authorization check fails. (See also the discussion of access errors in the discussions of the ldap_reject_text MTA option and alias_error_text alias option.)
error_text_alias_fileerror 452 or 550+ 4.5.0 error opening file/URL referenced by alias This error is returned when a file or URL referenced by an alias cannot be opened; (that is, it exists but cannot be opened---compare with error_text_alias_fileexist).
error_text_alias_fileexist 452 or 550+ 4.5.0 nonexistant file referenced by alias This error is returned when a file referenced by an alias does not exist.
error_text_alias_temp 452 4.0.0 temporary error returned by alias expansion This error is returned in cases, for instance, of temporary LDAP errors attempting to lookup an alias, such as the LDAP server not responding. It is also returned if a user entry that requires a mailHost attribute (not all user entries do) is lacking the attribute.
error_text_send_remote_error 550 5.6.1 no protocol to SEND/SAML This error is returned in cases of an attempt to submit a message for direct broadcast (SEND) or for direct broadcast and e-mail (SAML) to a "local" user address that includes explicit routing characters (@, %, or !).
error_text_send_unknown_error 550 5.5.5 do not know how to SEND/SAML This error will be returned if attempting to send to a destination (channel) that does not support SEND/SAML functionality.
error_text_block_over 550 5.2.3 channel limit of %d kilobytes on message size exceeded This error will be returned (in the case of SMTP attempted submissions, at the RCPT TO stage of the SMTP dialogue) if a message exceeds the intended destination channel's blocklimit channel keyword setting and the sending e-mail client used the SIZE SMTP extension on the MAIL FROM command to inform the MTA "up front" of the message size. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "channel limit on message size exceeded".) This default error text, or any configured error text, will be suffixed with a colon and the recipient address being rejected. Note that this error text is not used for cases of exceeding a channel sourceblocklimit option setting, or the block_limit MTA option setting. First off, in those cases the MTA can potentially advertise its size limit to a sending client before a message is ever even submitted, so potentially the MTA never actually rejects the message itself; instead potentially a client that supports the SMTP SIZE extension refrains from even trying to send the message (and generates some message back to the original sender itself). If a message is submitted to the MTA despite the MTA's possibly advertised size limit, then in cases of exceeding a sourceblocklimit or block_limit when the client has used the SIZE extension, then the error text "Message exceeds local size limit." is used, or if the client does not use the SIZE extension (or puts a falsely small value in SIZE) so that the MTA has to reject the message after all the DATA has been sent and the MTA has computed the message size itself, the error_text_message_too_large message is used instead.
error_text_line_over 550 5.2.3 channel limit of %d lines on message length exceeded This error will be returned if a message exceeds the intended destination channel's linelimit channel option setting, and that fact is apparent when the recipient address(es) are being processed. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "channel limit on message length exceeded".) However, message line length is not normally apparent at recipient address processing time, but rather only apparent after the message body is processed; therefore this error text is not normally used. Note also that this error text is not used for cases of exceeding the line_limit MTA option setting. Thus normally the following non-configurable text is used: "a message x lines long exceeds the line limit of y lines computed for this transaction".
error_text_list_block_over 550 5.2.3 list limit of %d kilobytes on message size exceeded This error is returned if a message exceeds a list's configured size limit (in MTA blocks---see the block_size MTA option), configured via the [BLOCKLIMIT] named mailing list parameter for a list defined in the alias file or alias database, or via the alias_blocklimit alias option (Unified Configuration), or configured via the user/group-level mgrpMsgMaxSize attribute (more precisely, the attribute named by the ldap_maximum_message_size MTA option) or domain-level mailDomainMsgMaxBlocks attribute (more precisely, the attribute named by the ldap_domain_attr_blocklimit MTA option) for groups and lists defined in LDAP. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "list limit on message size exceeded".)
error_text_list_line_over 550 5.2.3 list limit of  %d lines on message length exceeded This error is returned if a message exceeds a list's configured line limit, configured via the [LINELIMIT] named mailing list parameter for a list defined in the alias file or alias database, or via the alias_linelimit alias option (Unified Configuration), and that fact is apparent when recipient address(es) are being processed. But since message line length is not normally known that early during message processing. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "list limit on message length exceeded".)
error_text_user_block_over 550 5.2.3 user limit of %d kilobytes on message size exceeded This error is returned if a message exceeds the maximum message size (in MTA blocks---see the block_size MTA option) that a user may receive, as configured via the [BLOCKLIMIT] named parameter for aliases in the alias file or alias database, or via the alias_blocklimit alias option (Unified Configuration), or via the user-level mailMsgMaxBlocks attribute (more precisely, the attribute named by the ldap_blocklimit MTA option) or domain-level mailDomainMsgMaxBlocks attribute (more precisely, the attribute named by the ldap_domain_attr_blocklimit MTA option) for users defined in LDAP. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "user limit on message size exceeded".)
error_text_user_line_over 550 5.2.3 user limit of %d lines on message length exceeded This error is returned if a message exceeds a user's configured line limit, configured via the [LINELIMIT] named parameter for an alias defined in the alias file or alias database, or via the alias_linelimit alias option in Unified Configuration, and that fact is apparent when recipient address(es) are being processed. But since message line length is not normally known that early during message processing, instead normally the non-configurable general error text "a message x lines long exceeds the line limit of y lines computed for this transaction" is used. As of 7.0.5, a %d, if present, will be replaced with the actual limit value. (Prior to 7.0.5, the default text was "user limit on message length exceeded".)
error_text_message_too_large 550 5.3.4 a message size of %d kilobytes exceeds the size limit of %d kilobytes computed for this transaction New in 7.0.5 - this error message was hard coded in previous releases. This error will be returned (in the case of SMTP attempted submissions, at the end of the data transfer stage of the SMTP dialogue) if a message exceeds computed size limit for the transaction. The first %d, if present, will be replaced with the estimated message size and the second with the computed limit, both in units of MTA blocks.
error_text_message_too_long 550 5.3.4 a message %d lines long exceeds the line limit of %d lines computed for this transaction New in 7.0.5 - this error message was hard coded in previous releases. This error will be returned (in the case of SMTP attempted submissions, at the end of the data transfer stage of the SMTP dialogue) if a message exceeds computed line limit for the transaction. The first %d, if present, will be replaced with the estimated number of message lines and the second with the computed limit.
error_text_insufficient_disk 452 4.3.4 message exceeds disk space available at this time New in 7.0.5 - this error message was hard coded in previous releases. This error will be returned (in the case of SMTP attempted submissions, at the end of the data transfer stage of the SMTP dialogue) if the storage requirements for the message exceed the amount of disk space available.
error_text_wrong_account 550 5.7.17 account information on file is older than actual user account This error is returned if an RRVS check on the account fails; see checkrrvs.
error_text_wrong_domain 550 5.7.18 domain owner has changed This error is returned if an RRVS check on the domain fails; see checkrrvs.
error_text_recipient_over 452 or 550+ 4.2.3 too many recipients specified This error is returned if a message exceeds any configured limit on recipients, that is, exceeding a channel recipientlimit keyword setting, a FROM_ACCESS mapping table $S recipient limit, a domain recipient limit (see the ldap_domain_attr_recipientlimit MTA option), or a user recipient limit (see the ldap_recipientlimit MTA option).
error_text_sieve_access 452 4.7.1 sieve filter access error This error is returned when the MTA cannot open a recipient user Sieve filter file.
error_text_sieve_syntax 452 4.7.1 sieve filter syntax error This error is returned when there is a syntax error in (or trouble in reading) a recipient user Sieve filter file.
error_text_disabled_user 550 or 450* 5.2.1 user disabled; cannot receive new mail This error is returned when the MTA detects that a user's personal status (inetUserStatus or mailUserStatus) or the user's domain status (mailDomainStatus) is disabled during alias expansion.
error_text_disabled_alias 550 or 450* 5.2.1 alias disabled; cannot receive new mail  
error_text_over_quota 451 or 550+ 4.2.2 user over quota; cannot receive new mail This the error returned, for instance by the SMTP server, when the MTA detects that either a user's personal status (inetUserStatus or mailUserStatus) or their domain status (mailDomainStatus) is overquota during alias expansion. But note that once a message is in a final delivery channel (ims-ms or tcp_lmtpc*) well past alias expansion processing, then the handling of messages to overquota users, and the error message returned, is controlled by the Message Store's configuration of overquota message handling, including the Message Store's grace period configuration, and the Message Store uses the IMAP over quota text as its error text in reports on overquota messages.
error_text_temporary_failure 452   unknown host or domain Note that this error text for certain generic temporary failures defaults to the same error text used also in cases of clear-cut "bad" domain names, error_text_unknown_host, as well as in cases of generic permanent failures, error_text_permanent_failure.
error_text_permanent_failure 550 or 530++   unknown host or domain Note that this error text for generic permanent failures defaults to the same error text used also in cases of clear-cut "bad" domain names, error_text_unknown_host, as well as in cases of generic temporary failures, error_text_temporary_failure.
error_text_illegal_8bit 553 5.1.3 illegal 8bit characters in address Incorrect eight bit data present in an address.
error_text_illegal_8bit_from 553 5.1.3 illegal 8bit characters in return address Incorrect eight bit data present in the return address.
error_text_disallowed_8bit 553 5.1.0 8bit characters in address not allowed in this context Eight bit data present in an address when eight bit is not allowed.
error_text_disallowed_8bit_from 553 5.1.0 8bit characters in return address not allowed in this context Eight bit data present in the return address when eight bit is not allowed.
error_text_receipt_it 250 2.0.0 message accepted for list expansion processing This option specifies the text used (by default "message accepted for list expansion processing") by the MTA when generating a delivery receipt (a notification message) to let a sender know that their message has gotten to the point of being expanded to a list. Note that the NOTARY specification (RFC 3461) explicitly requires that delivery receipt requests to mailing lists be responded to at the list expansion step; see Section 5.2.7.1 of RFC 3461 (which updates Section 6.2.7.1 of RFC 1891).
error_text_inactive_user 452 or 550+ 4.2.1 mailbox temporarily disabled  
error_text_inactive_group 452 or 550+ 4.2.1 group temporarily disabled This error is returned when the MTA detects that a group's status (the value of the inetMailGroupStatus attribute, or more precisely, the values of whatever LDAP attributes are named by the ldap_group_status or ldap_group_mail_status MTA options) or the group's domain status (mailDomainStatus, or more precisely the attribute named by the ldap_domain_attr_mail_status MTA option) is inactive during alias expansion.
error_text_disabled_group 550 5.2.1 group disabled; cannot receive new mail This error is returned when the MTA detects that a group's status (the value of the inetMailGroupStatus attribute, or more precisely, the values of whatever LDAP attributes are named by the ldap_group_status or ldap_group_mail_status MTA options) or the group's domain status (mailDomainStatus, or more precisely the attribute named by the ldap_domain_attr_mail_status MTA option) is disabled during alias expansion.
error_text_deleted_user 550 5.1.6 recipient no longer on server This error will be returned when a user has an inetUserStatus or mailUserStatus attribute, (more precisely, an attribute named by the ldap_user_status or ldap_user_mail_status MTA options) with value of "deleted" or "removed"
error_text_deleted_group 550 5.1.6 group no longer on server This error will be returned when a group has an inetMailGroupStatus attribute with value of "deleted" or "removed"; or more precisely, if either of the attributes named by the ldap_group_status or ldap_group_mail_status MTA options has such a value
error_text_duplicate_addrs 553 5.1.4 duplicate/ambiguous directory match The recipient address has matched multiple entries in the directory; this typically indicates that a mistake was made while provisioning users and domains in the directory.
error_text_spamfilter_error 451 4.7.1 filtering/scanning error As of MS 6.3, a synonym for the new-in-6.3 error_text_spamfilter1_error MTA option; as of MS 6.3, obsolete and used only if error_text_spamfilter1_error is not set.
error_text_spamfilterN_error 451 4.7.1 filtering/scannning error New in MS 6.3. The default error text to use when there is a problem attempting to use the Nth spam/virus filter package, if no more specific error text regarding the exact spam/virus filter package problem is available; N can have values in the range 1--8. As of 7.0.5.37, any value specified for this option unconditionally overrides any error text returned by the filter package.
error_text_brightmail_error 451 4.7.1 filtering/scanning error This obsolete option is used only if the error_text_spamfilter1_error MTA option is not set
error_text_still_held 452 4.2.1 cannot reenqueue while still held Default error text to use when there is an attempt to reenqueue to a recipient whose status is "hold"; for instance, an attempt to release a message from the hold channel when a recipient still has a personal or domain status of "hold"
error_text_empty_alias 550 5.2.4 alias failed to expand to any valid addresses New in MS 6.1.
error_text_nosolicit 550 or 530++ 5.7.1 solicitations of this type are not allowed New in MS 6.2. Default solicitation violation rejection text, if no more specific rejection text is available.
error_text_srs_syntax 553 5.1.3 Syntax error in SRS/MUL address The error text returned when the MTA's attempt to SRS/MUL decode an address encounters a syntax error in the SRS/MUL encoding.
error_text_srs_timeout 550 5.7.1 SRS/MUL address has timed out Error text returned when the MTA attempts to decode an SRS/MUL encoded address whose timestamp has expired.
error_text_srs_badhash 550 5.7.1 SRS/MUL address has a bad hash value Error text returned when the MTA's attempt to decode an SRS/MUL encoded address finds an invalid hash value.
error_text_spf_temperror_4 451 4.7.24 temporary error in SPF verification of MAIL FROM domain (New in MS 6.3, but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_temperror is set to 4, then this is error text to use when a temporary DNS error occurs attempting an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage; the domain name (inside parentheses) will be suffixed to the specified error text
error_text_spf_temperror_5 550 4.7.24 temporary error in SPF verification of MAIL FROM domain (New in MS 6.3 but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_temperror is set to 5, then this is error text to use when a temporary DNS error occurs attempting an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage; the domain name (inside parentheses) will be suffixed to the specified error text.
error_text_spf_permerror_4 451 5.7.24 permanent error in SPF verification of MAIL FROM domain (New in MS 6.3 but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_permerror is set to 4, then this is error text to use when a permanent DNS error occurs attempting an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage; the domain name (inside parentheses) will be suffixed to the specified error text.
error_text_spf_permerror_5 550 5.7.24 permanent error in SPF verification of MAIL FROM domain (New in MS 6.3, but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_permerror is set to 5, then this is error text to use when a permanent DNS error occurs attempting an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage; the domain name (inside parentheses) will be suffixed to the specified error text.
error_text_spf_fail_4 451 5.7.23 SPF verification of MAIL FROM domain failed (New in MS 6.3, but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_fail is set to 4, then this is the error text to use when an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage determines that the domain has failed to verify; the domain name (inside parentheses) will be suffixed to the specified error text. If additional explanation text is available, then it will also be suffixed (with a colon) after the domain name.

So, for instance, the entire error could appear as: 451 5.7.23 SPF verification of MAIL FROM domain failed (domain): explanation

or: 451 5.7.23 error_text_spf_fail_4 (domain): explanation

error_text_spf_fail_5 550 5.7.23 SPF verification of MAIL FROM domain failed (New in MS 6.3, but not taking effect until Messaging Server 8.0) If the MTA option spf_smtp_status_fail=5 is set, then this is the error text to use when an SPF lookup on the domain from the MAIL FROM at either the MAIL FROM or RCPT TO stage determines that the domain has failed to verify; the domain name (inside parentheses) will be suffixed to the specified error text. If additional explanation text is available, then it will also be suffixed (with a colon) to the error text.

So, for instance, the entire error could appear as: 550 5.7.23 SPF verification of MAIL FROM domain failed (domain): explanation or: 550 5.7.23 error_text_spf_fail_5 (domain): explanation

error_text_spf_softfail_4 451 4.7.23 SPF verification of MAIL FROM domain soft failed (domain) (New in MS 6.3, but not taking effect until Messaging Server 8.0) This is the error text to use when an SPF lookup of the MAIL FROM domain, performed at MAIL FROM time (configured via use of spfmailfrom) or RCPT TO time (configured via use of spfrcptto), determines that the domain has a "soft" verification failure and the MTA is configured to treat such verification failures as temporary errors: either an SPF SoftFail was returned for the specific domain name and spf_smtp_status_softfail=4 is set, or an SPF SoftFail "all" was returned for domain names including the specific domain name and spf_smtp_status_softfail_all=4 is set. The domain name (inside parentheses) will be suffixed to the specified error text. Note that for SPF lookups performed at EHLO/HELO (spfhelo) time, the error_text_spf_ehlo_softfail_4 text is used instead.
error_text_spf_softfail_5 550 4.7.23 SPF verification of MAIL FROM domain soft failed (New in MS 6.3, but not taking effect until Messaging Server 8.0) This is the error text to use when an SPF lookup of the MAIL FROM domain, performed at MAIL FROM time (configured via use of spfmailfrom) or at RCPT TO time (configured via use of spfrcptto), determines that the domain has a "soft" verification failure and the MTA is configured to treat such verification failures as permanent errors: either an SPF SoftFail was returned for the specific domain name and spf_smtp_status_softfail=5 is set, or an SPF SoftFail "all" was returned for domain names including the specific domain name and spf_smtp_status_softfail_all=5 is set. The domain name (inside parentheses) will be suffixed to the specified error text. Note that for SPF lookups performed at EHLO/HELO (spfhelo) time, the error_text_spf_ehlo_softfail_5 text is used instead.
error_text_spf_ehlo_temperror_4 451 4.7.24 temporary error in SPF verification of EHLO/HELO domain (New in 8.0) If the MTA option spf_smtp_status_temperror is set to 4, then this is error text to use when a temporary DNS error occurs attempting an SPF lookup on the domain from the EHLO/HELO command.
error_text_spf_helo_temperror_5 550 4.7.24 temporary error in SPF verification of EHLO/HELO domain (New in 8,0) If the MTA option spf_smtp_status_temperror is set to 5, then this is error text to use when a temporary DNS error occurs attempting an SPF lookup on the domain from the EHLO/HELO command.
error_text_spf_helo_permerror_4 451 5.7.24 permanent error in SPF verification of EHLO/HELO domain (New in 8,0) If the MTA option spf_smtp_status_permerror is set to 4, then this is error text to use when a permanent DNS error occurs attempting an SPF lookup on the domain from the EHLO/HELO command
error_text_spf_ehlo_permerror_5 550 5.7.24 permanent error in SPF verification of EHLO/HELO domain (New in 8.0) If the MTA option spf_smtp_status_permerror is set to 5, then this is error text to use when a permanent DNS error occurs attempting an SPF lookup on the domain from the EHLO/HELO command.
error_text_spf_ehlo_fail_4 451 5.7.23 SPF verification of EHLO/HELO domain failed (New in 8.0) If the MTA option spf_smtp_status_fail is set to 4, then this is the error text to use when an SPF lookup of the domain from the EHLO/HELO command determines that the domain has failed to verify. If additional explanation text is available, then it will be suffixed (with a colon) to the error text.

So, for instance, the entire error could appear (at the EHLO/HELO command stage) as: 451 5.7.23 SPF verification of EHLO/HELO domain failed: explanation or: 451 5.7.23 error_text_spf_ehlo_fail_4: explanation

error_text_spf_ehlo_fail_5 550 5.7.23 SPF verification of EHLO/HELO domain failed (New in 8.0) If the MTA option spf_smtp_status_fail=5 is set, then this is the error text to use when an SPF lookup of the EHLO/HELO domain determines that the domain has failed to verify. If additional explanation text is available, then it will be suffixed (with a colon) to the error text.

So, for instance, the entire error could appear as: 550 5.7.23 SPF verification of EHLO/HELO domain failed: explanation or: 550 5.7.23 error_text_spf_ehlo_fail_5: explanation

error_text_spf_ehlo_softfail_4 451 4.7.23 SPF verification of EHLO/HELO domain soft failed (New in 8.0) This is the error text to use when an SPF lookup of the EHLO/HELO domain name (configured via use of spfhelo), determines that the domain has a "soft" verification failure and the MTA is configured to treat such verification failures as temporary errors: either an SPF SoftFail was returned for the specific domain name and spf_smtp_status_softfail=4 is set, or an SPF SoftFail "all" was returned for domain names including the specific domain name and spf_smtp_status_softfail_all=4 is set. If additional explanation text is available, then it will be suffixed (with a colon) to the error text.
error_text_spf_ehlo_softfail_5 550 4.7.23 SPF verification of MAIL FROM domain soft failed (New in 8.0) This is the error text to use when an SPF lookup of the MAIL FROM domain, performed at RCPT TO time (configured via use of spfrcptto), determines that the domain has a "soft" verification failure and the MTA is configured to treat such verification failures as permanent errors: either an SPF SoftFail was returned for the specific domain name and spf_smtp_status_softfail=5 is set, or an SPF SoftFail "all" was returned for domain names including the specific domain name and spf_smtp_status_softfail_all=5 is set. If additional explanation text is available, then it will be suffixed (with a colon) to the error text.
error_text_mailfromdnsverify 550 or 450 5.1.8 or 4.1.8 invalid/host-not-in-DNS return address not allowed (New in MS 6.3) The 450 4.1.8 error is returned for all cases of DNS verification lookup "failures" other than HOST_NOT_FOUND; hence DNS lookup difficulties such as DNS server failure to respond will result in this error. Normally, the 550 5.1.8 error is returned when a DNS verification lookup returns a definitive HOST_NOT_FOUND error. However, if bit 5/value 32 of the returnenvelope channel option is set, then HOST_NOT_FOUND will also result in a temporary 450 4.1.8 error rather than the permanent 550 5.1.8 rejection.
error_text_null_mx 521 or 550** 5.1.10 or 5.7.26** host/domain does not accept mail (New in 8.0) This error is returned when the domain associated with a recipient address resolves to a so-called "null MX". This error message is also returned when bit 3 (value 8) and bit 6 (value 64) of the returnenvelope channel option or the return_envelope MTA option are set and a domain with a "null MX" appears in the envelope sender (MAIL FROM) address.
error_text_invalid_return_address 550 5.1.7 invalid/unroutable return address not allowed (New in MS 6.3) The 550 5.1.7 error is returned if bit 2 (value 4) of the returnenvelope channel option is set and rewriting of the MAIL FROM failed to match any channel.
error_text_unknown_return_address 550 5.1.8 invalid/no-such-user return address (New in MS 6.3) The 550 5.1.8 error is returned if bit 4 (value 16) of the returnenvelope channel option is set and the MAIL FROM address is local but could not be resolved to any known user.
error_text_accepted_return_​address 250 2.5.0 return address invalid/unroutable but accepted anyway (New in MS 6.3) This is not, properly speaking, an error - this message is returned when an invalid MAIL FROM address is given but accepted by the MTA anyway.
error_text_source_sieve_access 450 4.3.0 source channel sieve filter access error (New in MS 6.3) This error is returned when the MTA cannot open a source channel Sieve filter file.
error_text_source_sieve_syntax 450 4.3.0 source channel sieve filter syntax error: (New in MS 6.3) This error is returned when there is a syntax error in (or trouble in reading) a source channel Sieve filter.
error_text_source_sieve_​authorization 450 4.3.0 source channel sieve filter authorization error (New in MS 6.3) Currently unused.
error_text_transaction_limit_​exceeded 450 4.5.3 number of transactions exceeds allowed maximum (New in MS 6.3) Error returned at MAIL FROM when the channel transactionlimit option, specifying the maximum number of transactions allowed in the session, is exceeded.
error_text_insufficient_queue_​space 450 4.3.1 insufficient free queue space available (New in MS 6.3) Issued in response to a MAIL FROM: command if the free disk space available to the MTA in the MTA's queue area dips below 10 MTA blocks
error_text_temporary_write_error 451 4.4.5 error writing message temporary file (New in MS 6.3) The SMTP server prefixes this error text with the message: 451 4.4.5 Error writing message temporaries -

An internal channel such as the reprocess channel would record this error text in its delivery history, and in its "Q" record.

error_text_smtp_lines_too_long 554 5.6.0 lines longer than SMTP allows encountered; message rejected (New in MS 6.3) Issued when rejectsmtplonglines is in effect, and a line longer than 998 characters (not including the SMTP CRLF line terminator) is seen in the message data.
error_text_unnegotiated_eightbit 554 5.6.0 message contains unnegotiated 8bit (New in MS 6.3) Issued when a source TCP/IP channel has eightstrict or utf8strict set, and the incoming message contains unnegotiated eight bit data.
error_text_mls_access_failure 550 5.7.1 security access check failure (New in 7.0) This restricted option is currently unused.
error_text_spare_error       Obsolete (does not exist) as of MS 6.2.
error_text_spare1_error       (New in MS 6.2) This option provides a spare slot so a new settable error message can be added to an existing release. Use of this option is restricted.
error_text_spare2_error       (New in MS 6.2) This option provides a spare slot so a new settable error message can be added to an existing release. Use of this option is restricted.

+ Whether the error code used is a temporary 4yz (the default) or a permanent 5yz error code is controlled by the use_permanent_error MTA option.

++ In place of the usual 550 error code, the 530 error code is used when the problem relates to security: as for instance failure to properly authenticate (successfully use SMTP AUTH) when authentication is required.

+++ Errors at MAIL FROM: stage use 450; errors at RCPT TO: stage use 452.

* (Added in 8.0.) Whether the error code used is a permanent 5yz (the default) or a temporary 4yz error code is controlled by the use_temporary_error MTA option.

** (Added in 8.0) Error regarding null MX for a recipient uses 521 5.1.10; error regarding null MX for a sender uses 550 5.7.26.


Also note that errors authenticating (errors attempting SMTP AUTH use) are a separate category of error type, returning hard-coded error text. (So for instance the error_text_disabled_user option discussed above is relevant to attempts by the MTA to verify that the user is a currently valid recipient; for instance, that error could be returned as an SMTP rejection of that user's address as an envelope recipient address. But an attempt by that same disabled user to submit a message using SMTP AUTH to authenticate would fail authentication and result in a different error, discussed in the table MTA AUTH errors.) Note that for security reasons, a number of different underlying error conditions cause the same error text to be returned in the SMTP rejection, while more specific details can be provided in the message-id field of MTA connection transaction logging if the MTA option log_message_id is enabled.

MTA AUTH errors
SASL error or code SMTP code Extended code Basic SMTP error text+ log_message_id text in "U" record Notes
HULA_BADPARAM or HULA_NOMEM 450 4.3.0 SASL initialization failed; server unavailable   LDAP server unavailable/unresponsive for authentication; proxy authentication not properly configured or trouble performing it; server running out of memory; etc.
SASL_UNAVAIL 454 4.7.0 Authentication server unavailable Authentication server unavailable LDAP server unavailable/unresponsive for authentication.
  503 5.7.0 AUTH command already issued   SMTP AUTH already successfully performed.
  533 5.7.1 AUTH command is not enabled   No maysaslserver or mustsaslserver enabled on channel.
  501 5.7.0 Cannot decode BASE64 Cannot decode BASE64 Argument right of = fails to BASE64 decode; or, argument on new line fails to BASE64 decode.
  503 5.7.1 Mail transaction already in progress   SMTP AUTH not permitted now that message submission has begun.
  501 5.7.0 AUTH operation aborted by client Client aborted AUTH operation  
SASL_OK 235 2.7.0 mechanism authentication successful authentication successful++  
SASL_NOMECH 504 5.5.4 Unrecognized authentication type Unrecognized authentication type  
SASL_BADPROT 501 5.5.0 Invalid input Invalid input  
SASL_NOUSER 535 5.7.8 Bad username or password No such user  
SASL_PWLOCK 534 5.7.8 Bad username or password Password/account is locked (New in MS 8.0.2)
SASL_WEAKPASS 534 5.7.9 Password is too weak Password is too weak (New in MS 8.0)
SASL_TOOWEAK 535 5.7.8 Bad username or password Authentication mechanism is too weak  
SASL_BADAUTH 535 5.7.8 Bad username or password Bad password
SASL_NOAUTHZ 535 5.7.8 Authorization failure Authorization failure  
SASL_ENCRYPT 538 5.7.11 Encryption needed to use mechanism Encryption needed for mechanism  
SASL_EXPIRED 524 5.7.11 Password expired, has to be reset Password expired; has to be reset  
SASL_DISABLED with mailUserStatus: inactive 525 5.7.13 Account disabled Account disabled (inactive)  
SASL_DISABLED with mailUserStatus: hold 525 5.7.13 Account disabled Account disabled (hold)  
SASL_UNAVAIL 454 4.7.0 Authentication server unavailable Authentication server unavailable  
SASL_TRYAGAIN 454 4.7.0 Try again later Try again later  
SASL_TRANS 422 4.7.12 Try changing your password Transition password needed
Default for other errors 500 5.7.0 Unknown authentication error Unknown AUTH errors <sasl-errno> <sasl-aux-errno>  

+Additional detail error text potentially may be suffixed within parentheses for error cases other than a client abort of the AUTH attempt, or successful authentication.

++New in 7.3-11.01 version; previously, the log_message_id field was the empty string for this success case



See also: