Jeff wrote:
On Tue, Aug 19, 2008 at 2:16 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
Jeff:
I want the back-end to tell the front-end gateway 550 for
[EMAIL PROTECTED], but I want it to tell my other internal MTAs OK,
whilst not breaking regular recipient verification.
Reject [EMAIL PROTECTED] on the FRONT_END host.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/access
    ...stuff...
    reject_unauth_destination
    ...stuff...
    reject_unverified_recipient
    ...stuff...
/etc/postfix/access
    [EMAIL PROTECTED] reject
Except that the front end is a mail gateway APPLIANCE. It is
linux/postfix based, but has many proprietary additions and it is not
intended to be customized outside what is made available in its web
interface. I have asked the vendor for a new feature to do SMTP level
rejects based on a blacklist, but they have not commented on it and
currently offer only the aforementioned relay to back-end SMTP
recipient verification or bounce notifications based on a front-end
blacklist. We currently use the bounce option, but it is generating
back-scatter to our postmaster address. My other option on the gateway
is to just be a black-hole for these private addresses (accept, but
neither deliver nor notify) but I see that as an ill-behaved way to
run a mail service.
Yes, the appliance has some imperfections, but generally does just
what we need. Thus I am trying to solve this problem with back-end
recipient verification.
Your earlier description that the gateway correctly rejects
unknown recipients yet creates a bounce for a recipient
rejected with an access map makes no sense.
Hmmm. Unless the appliance has a cached list of verified
recipients. Then a formerly-valid recipient won't be rejected
at the appliance until the cache has expired.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/verify.8.html
At any rate, this discussion cannot go further unless we have
log entries and config info rather than just unsubstantiated
claims.
http://www.postfix.org/DEBUG_README.html#mail
"postconf -n" output and logging showing the problem,
preferably from both the gateway and the internal server.
--
Noel Jones
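
Added example, not part of the thread and not code from any of the posters: a small Python filter for the kind of gateway logging requested above, separating recipients rejected during the SMTP session from recipients accepted and bounced afterwards (the back-scatter case). The log lines, the host name `gw`, the addresses and the queue IDs are constructed samples in the usual Postfix syslog layout.

```python
import re

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 19 14:20:01 gw postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nouser@example.com>: Recipient address rejected: undeliverable address: host 10.0.0.5[10.0.0.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command); from=<a@example.net> to=<nouser@example.com> proto=ESMTP helo=<mx.example.net>
Aug 19 14:21:07 gw postfix/smtp[1240]: 4F1A2B3C5D: to=<private@example.com>, relay=10.0.0.5[10.0.0.5]:25, delay=0.31, delays=0.1/0/0.1/0.11, dsn=5.1.1, status=bounced (host 10.0.0.5[10.0.0.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Aug 19 14:21:07 gw postfix/bounce[1241]: 4F1A2B3C5D: sender non-delivery notification: 9A8B7C6D5E
Aug 19 14:22:30 gw postfix/smtp[1240]: 1B2C3D4E5F: to=<user@example.com>, relay=10.0.0.5[10.0.0.5]:25, delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 77AA88BB99)
"""

# smtpd refused the recipient during the SMTP session: no queue file, no bounce.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: (\d{3}) .*? to=<([^>]*)>")
# Outbound delivery attempt for mail the gateway had already accepted.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>,.*? status=(\w+)")
# The bounce daemon generated a non-delivery notification for that queue ID.
NDR = re.compile(
    r"postfix/bounce\[\d+\]: ([0-9A-F]+): sender non-delivery notification")


def classify(log_text):
    """Map each recipient to what the gateway did with mail addressed to it."""
    outcome = {}   # recipient -> verdict
    bounced = {}   # queue ID -> recipient whose delivery bounced
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            outcome[m.group(2)] = f"rejected-at-smtp ({m.group(1)})"
        elif m := DELIVERY.search(line):
            qid, rcpt, status = m.groups()
            if status == "bounced":
                bounced[qid] = rcpt
                outcome[rcpt] = "accepted-then-bounced (no notification logged)"
            else:
                outcome[rcpt] = status
        elif (m := NDR.search(line)) and m.group(1) in bounced:
            # Accepted first, notification sent later: this is the back-scatter.
            outcome[bounced[m.group(1)]] = "accepted-then-bounced (back-scatter)"
    return outcome


if __name__ == "__main__":
    for rcpt, verdict in classify(SAMPLE_LOG).items():
        print(f"{rcpt}: {verdict}")
```
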