Nicolás Velásquez O. wrote: > Hello, > > We receive a high volume of mail for non nonexistent mailboxes, so we > want to prevent Postfix's SMTP probes to the nearest MTA, we just want > to use localfile or LDAP queries. I've attached the postconf -n and > some tests I've done, any help is appreciated. >
You are asking Postfix to do this. See below Also, please use example.(com|net|org) instead of "domain". > 2. When mailbox doesn't exist: > - checks File. > - checks LDAP. > - Asks via SMTP if the mailbox exists > - After a lag (1-2 seconds), returns "450 4.1.1 > <[EMAIL PROTECTED]>: Recipient address rejected: > unverified address: Address verification in progress" > Telnet test output: > mailx5:~ # telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 mailx5.domain.org ESMTP Postfix > EHLO mailx5.domain.org > 250-mailx5.domain.org > 250-PIPELINING > 250-SIZE 5250000 > 250-ETRN > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > MAIL FROM: [EMAIL PROTECTED] > 250 2.1.0 Ok > RCPT TO: [EMAIL PROTECTED] > 450 4.1.1 <[EMAIL PROTECTED]>: Recipient > address rejected: unverified address: Address verification in progress > > What to the logs say on the mail5 machine? It should not delay on such a request since that is your setup. > Here is the output from postconf -n [...] > smtpd_recipient_restrictions = reject_unverified_recipient > reject_non_fqdn_recipient reject_unauth_destination > reject_unknown_recipient_domain reject_unlisted_recipient > check_recipient_access pcre:/etc/postfix/recipients_checks.pcre > check_policy_service unix:private/policy-spf reject_rbl_client > zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net > reject_rbl_client dnsbl.njabl.org > reject_unverified_recipient up front means "For everything not in a map, verify by SMTP". Since you have map files, why include a SMTP check anyway? You really should have reject_unauth_destination first (if you don't trust mynetworks). This is due to anyone who queries your server for open relay. You will ask the entire internet for any address given up front, even if it's not. Brian
