Wietse:
> Postfix already replies with a 5XX for an NXDOMAIN result.
>
pf at alt-ctrl-del.org:
nslookup mailserver.jtl.co.in
google-public-dns-a.google.com can't find mailserver.jtl.co.in: Non-existent domain
NOQUEUE: reject: RCPT from outgoing.jeevantechnologies.com[61.12.114.170]: 450 4.7.1 <mailserver.jtl.co.in>: Helo command rejected: Host not found; proto=ESMTP helo=<mailserver.jtl.co.in>
Wietse:
postconf | grep 450
pf at alt-ctrl-del.org:
Wietse, I was looking for a way to do both temporary and
permanent rejects.
Not one or the other.
Noel Jones:
With unknown_hostname_reject_code set to 550, NXDOMAIN hosts will be
rejected, and temporary error hosts will get the
unknown_helo_hostname_tempfail_action (default DEFER_IF_PERMIT). So you
do get both.
Thanks, I guess I missed that in the docs, about the behavior if set to 550.
In my reading of the docs, I thought that "DNS is unreliable" and that
anything that is not found via DNS lookup is treated as a tempfail.
Any kind of counting will need to be done in a policy server.
Maybe you can cheat and only pass the clients that tempfail to the policy
server, try this:
# main.cf
unknown_hostname_reject_code = 550
Hmmm, I bet the check_policy_service will need to be in a restriction
class... Continuing main.cf:
unknown_helo_hostname_tempfail_action = helo_tempfail_test
smtpd_restriction_classes = helo_tempfail_test
helo_tempfail_test =
    check_policy_service foo:bar
where foo:bar is the policy service endpoint.
I've had something very similar running for the last few hours. An access
table sends all .cc helo domains to a custom restriction_class, that then
kicks off to the policy service, which returns 450 for 4 hours, then 504.
Noel, thanks for your plain language answers.
Wietse, thanks for creating an SMTP server that is flexible enough to let me
do this sort of thing, even if it isn't needed.
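
An added example, not code from this thread or from Postfix: a sketch of the decision logic for the policy service discussed above (450 for 4 hours, then 504), using the Postfix policy delegation request format of name=value lines ended by an empty line. The function names, the in-memory table, the enhanced status codes and reply text, and the sample request are assumptions made for illustration.

```python
import time

TEMPFAIL_WINDOW = 4 * 3600   # seconds of 450 before switching to 504 (figure from the thread)
first_seen = {}              # helo_name -> time of first tempfail; in-memory and unbounded,
                             # an assumption of this sketch (a real service would persist and expire)

def parse_request(text):
    """Parse one policy delegation request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, now=None):
    """Return the access action for a HELO name whose lookup tempfailed."""
    now = time.time() if now is None else now
    helo = attrs.get("helo_name", "").lower().rstrip(".")
    if attrs.get("request") != "smtpd_access_policy" or not helo:
        return "DUNNO"       # nothing to count here; let Postfix continue
    start = first_seen.setdefault(helo, now)
    if now - start < TEMPFAIL_WINDOW:
        return "450 4.7.1 <%s>: Helo command rejected: Host not found" % helo
    # Status code 5.5.2 and the reply text are choices made for this example.
    return "504 5.5.2 <%s>: Helo command rejected: Host not found" % helo

def handle(text, now=None):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(text), now)

# Constructed sample request (not taken from the thread's logs).
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "helo_name=mail.example.test\n"
    "client_address=192.0.2.10\n"
    "\n"
)

if __name__ == "__main__":
    print(handle(SAMPLE, now=0), end="")
    print(handle(SAMPLE, now=TEMPFAIL_WINDOW + 1), end="")
```

Only clients whose HELO lookup tempfails reach this service when it is wired in through unknown_helo_hostname_tempfail_action as shown above, so the NXDOMAIN case is still handled by unknown_hostname_reject_code = 550.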