Prev: Failover control of Postfix content-filter
Next: GSSAPI Authentication
From: Jaroslaw Grzabel on 14 Dec 2009 08:32
Hi,

I've just had a hard nut to crack, as I've got SMTP server which stores
and forwards ........ or I only hoped so. Why ? As I checked now if the
remote server is down, and I use reject_unverified_recipient it gives me
an error like:

450 4.1.1 <email(a)domain.com>: Recipient address rejected: unverified
address: connect to mail.domain.com[1.1.1.1]: Connection timed out

Where it should accept it and store.... the things are not obvious for
me as when I will disable reject_unverified_recipient then if message
goes to anything(a)domain.com which doesn't exist on the remote server
that message will bounce back to the sender and I will have to take a
risk of block.

Is there any easy way to store and forward with keeping
reject_unverified_recipient option ?

Regards,
Jarek

From: Martijn de Munnik on 14 Dec 2009 08:41
On Mon, 2009-12-14 at 13:32 +0000, Jaroslaw Grzabel wrote:
> Hi,
>
> I've just had a hard nut to crack, as I've got SMTP server which stores
> and forwards ........ or I only hoped so. Why ? As I checked now if the
> remote server is down, and I use reject_unverified_recipient it gives me
> an error like:
>
> 450 4.1.1 <email(a)domain.com>: Recipient address rejected: unverified
> address: connect to mail.domain.com[1.1.1.1]: Connection timed out
>
> Where it should accept it and store.... the things are not obvious for
> me as when I will disable reject_unverified_recipient then if message
> goes to anything(a)domain.com which doesn't exist on the remote server
> that message will bounce back to the sender and I will have to take a
> risk of block.
>
> Is there any easy way to store and forward with keeping
> reject_unverified_recipient option ?

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching
>
> Regards,
> Jarek
>

From: Jaroslaw Grzabel on 14 Dec 2009 09:24
Martijn de Munnik wrote:

> > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching
> >
>
Hi Martin,

Thank you for your reply.

The only problem with that database is that if customer add some users
into his machine then database will always reject that email... let's
say for example:
somebody is spamming address like jon(a)domain.com
Obviously jon doesn't exist. But after a week company hire Jon and
creates an email for him. What postfix does ? Reject all messages until
I will not be notified and remove the database and let postfix to
recreate it again.
That doesn't satisfy me.

Regards,
Jarek

From: Eero Volotinen on 14 Dec 2009 09:28
On 12/14/09 4:24 PM, Jaroslaw Grzabel wrote:
> Martijn de Munnik wrote:
>
>>> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching
>>>
>>
> Hi Martin,
>
> Thank you for your reply.
>
> The only problem with that database is that if customer add some users
> into his machine then database will always reject that email... let's
> say for example:
> somebody is spamming address like jon(a)domain.com
> Obviously jon doesn't exist. But after a week company hire Jon and
> creates an email for him. What postfix does ? Reject all messages until

It rejects mail until cache refresh time is out.

Possibly, you can also disable cache but it causes some performance loss..

--
Eero

From: Martijn de Munnik on 14 Dec 2009 09:32
On Mon, 2009-12-14 at 14:24 +0000, Jaroslaw Grzabel wrote:
> Martijn de Munnik wrote:
>
> > > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching
> > >
> >
> Hi Martin,
>
> Thank you for your reply.
>
> The only problem with that database is that if customer add some users
> into his machine then database will always reject that email... let's
> say for example:
> somebody is spamming address like jon(a)domain.com
> Obviously jon doesn't exist. But after a week company hire Jon and
> creates an email for him. What postfix does ? Reject all messages until
> I will not be notified and remove the database and let postfix to
> recreate it again.
> That doesn't satisfy me.

That is a problem, you can define different values for cache time for
positive and negative hits. When you keep the negative cache time low
that will not be much of an issue.

>
> Regards,
> Jarek
>
>

 |  Next  |  Last
Pages: 1 2 3 4
Prev: Failover control of Postfix content-filter
Next: GSSAPI Authentication