On Thu, Nov 13, 2008 at 2:14 PM, mouss <[EMAIL PROTECTED]> wrote:
>
> sure, losing mail is bad. but you should reject mail during the smtp
> transaction. if your postfix is a relay server and you can't get the
> relay_recipient_maps, then you can use reject_unverified_recipient (only for
> selected domains).

My MX servers have no mailboxes. They either relay email to an external domain address the user asked to have set up, or they relay to one of three servers within our domain. We use:

virtual_alias_maps = hash:/etc/postfix/relocated
        hash:/etc/postfix/class_lists
        hash:/etc/postfix/virtual
virtual_alias_domains = $virtual_alias_maps, mydomain.ca

The virtual file contains every address we handle in one of these ways. I can't see using reject_unverified_recipient for the volume of email we have, and it is pointless to do when we have a valid list of all addresses the MX should handle.

In main.cf I see:

# The relay_domains parameter restricts what destinations this system will
# relay mail to.

The list of domains we forward to, based on the virtual mapping file, will vary over time, so there is no easy way to satisfy the requirements of relay_recipient_map.

Based on what I'm seeing in our logs, and from swaks talking to our MX, I have to conclude that relay_recipient_map is not the only way to disable backscatter. The documentation should include mention of virtual_alias_maps as being another alternative which allows reject prior to queueing.

With relay_domain and mydestination set to null, we are getting useful rejects. From swaks I test email to a non-existent address:

=== Trying nexa.mydomain.ca:9077...
=== Connected to nexa.mydomain.ca.
<- 220 nexa.mydomain.ca ESMTP Postfix
-> EHLO somewhere.ca
<- 250-nexa.mydomain.ca
<- 250-PIPELINING
<- 250-SIZE 10000000
<- 250-ETRN
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> MAIL FROM:<[EMAIL PROTECTED]>
<- 250 2.1.0 Ok
-> RCPT TO:<[EMAIL PROTECTED]>
<** 550 5.1.1 <[EMAIL PROTECTED]>: Recipient address rejected: User unknown in virtual alias table
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
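
The swaks check in the message above can be automated when many addresses need testing. The following is an added example, not part of the original message or of Postfix or swaks: it reads a swaks-style transcript and reports, per RCPT TO, whether the server rejected the recipient inside the SMTP transaction or accepted it (an accepted unknown address is what later turns into a bounce). The function name `rcpt_verdicts`, the verdict labels, and the example.com hosts and addresses are assumptions made for illustration.

```python
import re

# Received lines in swaks output start with "<-", "<**" (error) or "<~" (TLS);
# a "-" directly after the code marks a continuation of a multi-line reply.
RECV = re.compile(r"^\s*<[-~*]+\s+(\d{3})(-?)")
# Sent lines start with "->" or "~>" (TLS).
SENT = re.compile(r"^\s*[-~]>\s+(.*)$")
RCPT = re.compile(r"RCPT TO:\s*<([^>]*)>", re.IGNORECASE)

VERDICT = {"2": "accepted", "4": "deferred", "5": "rejected-in-smtp"}

# Constructed sample session; hosts and addresses are placeholders.
SAMPLE = """\
=== Connected to mx.example.com.
<-  220 mx.example.com ESMTP Postfix
 -> EHLO client.example.net
<-  250-mx.example.com
<-  250-PIPELINING
<-  250 DSN
 -> MAIL FROM:<sender@example.net>
<-  250 2.1.0 Ok
 -> RCPT TO:<nosuchuser@example.com>
<** 550 5.1.1 <nosuchuser@example.com>: Recipient address rejected: User unknown in virtual alias table
 -> RCPT TO:<known@example.com>
<-  250 2.1.5 Ok
 -> QUIT
<-  221 2.0.0 Bye
"""

def rcpt_verdicts(transcript):
    """Map each RCPT TO address to (reply code, verdict)."""
    verdicts, pending = {}, None
    for line in transcript.splitlines():
        sent = SENT.match(line)
        if sent:
            # Remember the recipient only if this command was RCPT TO.
            rcpt = RCPT.match(sent.group(1))
            pending = rcpt.group(1) if rcpt else None
            continue
        recv = RECV.match(line)
        # Only the final line of a reply (no "-" after the code) decides.
        if recv and pending is not None and recv.group(2) == "":
            code = recv.group(1)
            verdicts[pending] = (code, VERDICT.get(code[0], "unexpected"))
            pending = None
    return verdicts

if __name__ == "__main__":
    for rcpt, (code, verdict) in rcpt_verdicts(SAMPLE).items():
        print(f"{rcpt}: {code} {verdict}")
```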