On Tue, Aug 19, 2008 at 2:16 PM, Wietse Venema <[EMAIL PROTECTED]> wrote: > Jeff: >> I want the back-end to tell the front-end gateway 550 for >> [EMAIL PROTECTED], but I want it to tell my other internal MTAs OK, >> whilst not breaking regular recipient verification. > > Reject [EMAIL PROTECTED] on the FRONT_END host. > > smtpd_recipient_restrictions = > check_recipient_access hash:/etc/postfix/access > ...stuff... > reject_unauth_destination > ...stuff... > reject_unverified_recipient > ...stuff... > > /etc/postfix/access > [EMAIL PROTECTED] reject >
Except that the front end is a mail gateway APPLIANCE. It is linux/postfix based, but has many proprietary additions and it is not intended to be customized outside what is made available in it's web interface. I have asked the vendor for a new feature to do SMTP level rejects based on a blacklist, but they have not commented on it and currently offer only the aforementioned relay to back-end SMTP recipient verification or bounce notifications based on a front-end blacklist.We currently use the bounce option, but it is generating back-scatter to our postmaster address. My other option on the gateway is to just be a black-hole for these private addresses (accept, but neither deliver nor notify) but I see that as an ill-behaved way to run a mail service. Yes, the appliance has some imperfections, but generally does just what we need. Thus I am trying to solve this problem with back-end recipient verification. -- Jeff
