Hello, We receive a high volume of mail for non nonexistent mailboxes, so we want to prevent Postfix's SMTP probes to the nearest MTA, we just want to use localfile or LDAP queries. I've attached the postconf -n and some tests I've done, any help is appreciated.
About the behavior, I see 2 cases: 1. When mailbox exists: - checks File. If found, stops - checks LDAP. If found, stops - Never asks via SMTP Telnet test output: mailx5:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mailx5.domain.org ESMTP Postfix EHLO mailx5.domain.org 250-mailx5.domain.org 250-PIPELINING 250-SIZE 5250000 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: [EMAIL PROTECTED] 250 2.1.0 Ok RCPT TO: [EMAIL PROTECTED] 250 2.1.5 Ok 2. When mailbox doesn't exist: - checks File. - checks LDAP. - Asks via SMTP if the mailbox exists - After a lag (1-2 seconds), returns "450 4.1.1 <[EMAIL PROTECTED]>: Recipient address rejected: unverified address: Address verification in progress" Telnet test output: mailx5:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mailx5.domain.org ESMTP Postfix EHLO mailx5.domain.org 250-mailx5.domain.org 250-PIPELINING 250-SIZE 5250000 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: [EMAIL PROTECTED] 250 2.1.0 Ok RCPT TO: [EMAIL PROTECTED] 450 4.1.1 <[EMAIL PROTECTED]>: Recipient address rejected: unverified address: Address verification in progress Here is the output from postconf -n address_verify_map = btree:/var/spool/postfix/mta/verify address_verify_negative_cache = no alias_database = hash:/etc/postfix/aliases hash:/etc/aliases alias_maps = hash:/etc/aliases biff = no body_checks = pcre:/etc/postfix/body_checks.backscatters.pcre01 pcre:/etc/postfix/body_checks.backscatters.pcre02 bounce_queue_lifetime = 0 command_directory = /usr/sbin config_directory = /etc/postfix content_filter = lmtp-amavis:[localhost]:10024 daemon_directory = /usr/lib/postfix debug_peer_level = 3 debug_peer_list = hotmail.com, localhost, gmail.com, google.com disable_vrfy_command = yes fast_flush_domains = header_checks = pcre:/etc/postfix/header_checks.pcre00 pcre:/etc/postfix/header_checks.subjects.pcre01 pcre:/etc/postfix/header_checks.backscatters.pcre02 html_directory = no local_recipient_maps = local_transport = error:local mail delivery is disabled mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_domains = $mydomain masquerade_exceptions = root maximal_queue_lifetime = 0 message_size_limit = 5250000 mydestination = mydomain = domain.org myhostname = mailx5.$mydomain mynetworks = 127.0.0.0/8, 10.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps proxy_interfaces = xxx.xxx.xxx.xxx queue_directory = /var/spool/postfix readme_directory = no recipient_canonical_maps = pcre:/etc/postfix/canonical.pcre relay_domains = $mydomain, mail.$mydomain, mail5.$mydomain, step.$mydomain, lists.$mydomain, elist.$mydomain, relay_recipient_maps = hash:/etc/postfix/LDAPaddressbook.txt ldap:/etc/postfix/ldap-users.cf sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = maildrop show_user_unknown_table_name = no smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname permit_mynetworks check_helo_access hash:/etc/postfix/helo_checks smtpd_recipient_restrictions = reject_unverified_recipient reject_non_fqdn_recipient reject_unauth_destination reject_unknown_recipient_domain reject_unlisted_recipient check_recipient_access pcre:/etc/postfix/recipients_checks.pcre check_policy_service unix:private/policy-spf reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client dnsbl.njabl.org smtpd_sender_restrictions = reject_non_fqdn_sender permit_mynetworks check_sender_access hash:/etc/postfix/whitelist check_sender_access hash:/etc/postfix/sender_checks check_sender_access pcre:/etc/postfix/sender_checks.pcre check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain transport_maps = hash:/etc/postfix/transport unknown_address_reject_code = 550 unknown_hostname_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 virtual_alias_maps = $alias_maps $aliasdatabase regexp:/etc/postfix/virtual.regexp hash:/etc/postfix/LDAPaddressbook.txt ldap:/etc/postfix/ldap-users.cf 2008/10/3 Noel Jones <[EMAIL PROTECTED]>: > Nicolás Velásquez O. wrote: >> >> Hello, >> >> I've googled around and been playing with relay_recipient_maps. I have >> it as follows: >> relay_recipient_maps = >> hash:/etc/postfix/LDAPaddressbook.txt >> ldap:/etc/postfix/ldap-users.cf >> >> Where /etc/postfix/LDAPaddressbook.txt is a local list of the valid >> mailboxes, and ldap:/etc/postfix/ldap-users.cf contains information to >> query the LDAP server for the list of valid email boxes. >> >> The postfix works as a relay/antispam server. >> >> The question: >> If there is a mail to be delivered to a nonexistent mailbox, is it >> normal to see postfix asking via SMTP (after LDAP) to the next-hop in >> /etc/postfix/transport? >> > > It will help if you show "postconf -n" output and log entries illustrating > your question. > http://www.postfix.org/DEBUG_README.html#mail > > As a side note that may or may not be relevant, postfix will attempt to > validate recipients via an SMTP callout if you use the > reject_unverified_recipient restriction. > http://www.postfix.org/ADDRESS_VERIFICATION_README.html > > -- > Noel Jones > > -- Nicolás Velásquez O. Genève, Suisse Mobile +41.797976460
