----- Original Message ----- > From: "Ansgar Wiechers" <li...@planetcobalt.net> > To: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 12:47:35 AM > Subject: Re: unverified_recipient_tempfail_action = permit > > On 2011-06-10 Wiebe Cazemier wrote: > > Ansgar Wiechers <li...@planetcobalt.net> wrote: > >> On 2011-06-09 Wiebe Cazemier wrote: > >>> I was setting up a fallback MX server with Postfix and was > >>> struggling > >>> with preventing backscatter mail. I thought I found a good > >>> solution, > >>> but it turned out to be an illegal option. > >>> > >>> Postfix has the ability to do recipient address verification. > >>> When > >>> postfix acts as a relay server, this prevents backscatter mail > >>> (bounces of messages because the server that is relayed to > >>> doesn't > >>> accept the user). Backscatter is usually caused by spam of > >>> course, > >>> because spam is sent to all kinds of users @example.com. > >>> > >>> I had in mind to use recipient address verification to avoid that > >>> and > >>> then set "unverified_recipient_tempfail_action = permit". The > >>> idea > >>> behind this was: > >>> > >>> - Prevent backscatter mail when the primary host is up because > >>> every > >>> address is verified first. > >>> - Accept all mail when the primary host is down, so that incoming > >>> messages aren't deferred. > >> > >> Why? What issue in particular do you see with simply doing > >> recipient > >> verification (and rejection of messages to invalid recipients) on > >> bot > >> MXs? > > > > Well, when the primar is down, all incoming messages on the > > fallback > > are deferred, because it can't do the verification. This means the > > result is the same as having no fallback at all. > > There's more than one way to do recipient verification. Use > $relay_recipient_maps on the backup MX. And don't top-post. > > Regards > Ansgar Wiechers >
Sorry, I forgot to mention. I can't use recipient maps because: - The server acts also as incoming mail handler for another machine which it relays to. That target machine has dynamically created addresses by users on a control panel. - The server is backup MX for mail hosts that I don't know anything about.
