Hi, I am thinking about trying to replicate a feature I custom-built for my Sendmail installation, in Postfix. What this does is, whenever a host I am backup for is mentioned in the SMTP RCPT command, I check to see if the host is up, and *refuse* the command (450) if it is. The consequence of that is that spammers, who normally buzz off when told, can be tested by a primary host using all of the techniques at the primary's disposal - DNSBL, greylist, etc. Any SMTP-time refusal is done by the primary, where it makes the most sense, even after the DATA command where verification has no arbitration. Finally, dictionary attacks have less effect since the probe is limited to starting up a connection and reading a banner once for the duration of the cache time.
Unfortunately, this doesn't seem to be within the realm of Postfix's recipient address verification. Have I missed anything? Even if I were to set the temporary fail during verification code to 250, I'd potentially accept responsibility for mail I shouldn't regardless of whether the host was really up, if I could not queue verify probes. How can I get the desired effect, or will I need a policy server to do this?

Cheers,
Sabahattin
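The behaviour described in the post, sketched as a Postfix policy delegation service (an added example, not code from the original post or from Postfix): it speaks the `name=value` policy protocol, probes the primary's banner once per cache period, and answers 450 at RCPT while the primary is up. The `PRIMARIES` mapping, its host names, the TTL and the reply text are assumptions made for illustration.

```python
import socket, sys, time

# Hypothetical mapping: domains we are backup MX for -> their primary host.
PRIMARIES = {"example.org": ("mx1.example.org", 25)}
CACHE_TTL = 300   # assumed: seconds one probe result is reused
CACHE = {}        # (host, port) -> (expiry time, primary was up)

def probe_primary(host, port, timeout=10):
    """Connect once and read the banner; 'up' only if it greets with 220."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(512).startswith(b"220")
    except OSError:          # refused, unreachable, timed out
        return False

def primary_is_up(addr, probe=probe_primary, now=time.time):
    """Return the cached probe result, re-probing only after it expires."""
    expiry, up = CACHE.get(addr, (0, False))
    if now() >= expiry:
        up = probe(*addr)
        CACHE[addr] = (now() + CACHE_TTL, up)
    return up

def decide(attrs, probe=probe_primary, now=time.time):
    """Map one policy request (dict of attributes) to a Postfix action."""
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    domain = attrs.get("recipient", "").rpartition("@")[2].lower()
    addr = PRIMARIES.get(domain)
    if addr and primary_is_up(addr, probe, now):
        return "450 Primary MX for this domain is reachable, deliver there"
    return "DUNNO"           # primary down or not our domain: other rules decide

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Policy loop: attributes one per line, an empty line ends the request."""
    attrs = {}
    for line in stdin:
        line = line.rstrip("\n")
        if line:
            name, _, value = line.partition("=")
            attrs[name] = value
        else:
            stdout.write("action=%s\n\n" % decide(attrs))
            stdout.flush()
            attrs = {}

if __name__ == "__main__":
    serve()
```

Such a script would be run from master.cf under spawn(8) and referenced with `check_policy_service` in `smtpd_recipient_restrictions`, after `reject_unauth_destination`. Under spawn(8) each process keeps its own cache, so a probe can repeat once per process rather than once per cache period overall.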