While I still feel the Courier mail system is one of the best around since I've started to use it more heavily I've come to the conclusion it suffers from a couple of usability issues. I like the way that it implements all the relevant specifications to the letter but that can, and does, cause me problems because not everyone else in the world is so diligent. The sections below detail some of the additional set up I've performed.
Incorrectly Configured Exchange Servers
One of the people we regularly send email to runs an incorrectly configured Exchange server. The server reports that it accepts TLS but when Courier starts a TLS session the Exchange server just gives up and dies. This resulted in mail rarely getting through (I never did figure out why mail sometimes got through). The solution to this problem is to add the offending domain to the esmtproutes file and tell Courier to not even try TLS with SECURITY=NONE. For example:
example.com: /SECURITY=NONE
What I would like to know is why can't Courier have a setting "deal-with-broken-exchange-servers=yes" which would just cause it to re-try sending without TLS?
RFC 1035 Violation
This one could turn out to be quite a problem for me as the server administrator. The error message I got was:
This domain's DNS violates RFC 1035
What Courier is reporting is that there is an RFC violation with the MX records for the domain that will be receiving the mail. Typically this is because one of the MX records has an IP address rather than a canonical name. There are only two ways to fix this problem: contact the domain owner and get them to fix the problem or make an entry in the esmptroutes setting file.
Since it's damn near impossible to get anyone to update their DNS records that means an entry in the setting file for every domain that is mis-configured. The entry looks something like this:
example.com:mail.example.com
The first part is the offending domain the second is the place to send the mail. This works because an entry in esmptyroutes will cause Courier to not look up the MX records for the domain thus side stepping the mis-configuration.
Warning rant ahead... Why for the love of the flying spagetti monster can't Courier just behave just like every other mail server and just send the damn mail? In the first case of this I came across the first MX record was correct but the second was an IP address and all of them have to be correct for Courier to send mail - in other words Courier found a perfectly valid record and could have delivered the mail fine and within the specification but didn't. If Courier must police the Internet at least give us the option of turning off this "feature".