On 8/6/2009 12:29 PM, Aaron Wolfe wrote: >>>> address_verify_map = btree:/var/lib/postfix/verify >>>> address_verify_positive_refresh_time = 14d >>>> unverified_recipient_defer_code = 250
>>> You are correct, but this is NOT the recommended way... >>> >>> Don't change the unverified_recipient_defer_code to 250... leave it at >>> its default 450. This way you will not be a backscatter source ever, and >>> the worst that will happen if their primary MX is down is some mail >>> might be delayed a little. >> Also, if I'm understanding the way this works correctly, you can also >> use the address_verify_map parameter to cache hits (both negative and >> positive), which will allow you to continue accepting mail for >> recipients who are still in the cache even if the primary MX is down. >> >> http://postfix.mirrorspace.org/postconf.5.html#address_verify_map > Which is also exactly what would happen if they didn't pay this guy > for a backup MX. I know... ;) > He's looking for some way to think his service has value, and doesn't > mind being a nuisance by backscattering so long as he can make a > buck. Well, as long as he uses the address_verify_maps and caches, he could add a little value (accept a lot of the messages that would otherwise be deferred). Also, his server is the internet facing one, so the target of any attack (maybe he has big iron and security experts on staff). -- Best regards, Charles
