On Mon, Jul 04, 2011 at 04:48:44AM -0700, Charlie Orford wrote:
> unverified_recipient_tempfail_action = permit would have solved 
> this problem with the small penalty of a brief period of potential 
> backscatter.
> 
> Where is the down side?

That "small penalty" sure is a down side. If I would provide backup 
service for someone else, I would absolutely insist that the primary 
must never reject my mail for that domain. Let THEM be the spammer, 
not me.

If you're intent on this, you can implement it yourself with simple 
scripts. Best would be a small policy service, but a shell script 
running from crontab would suffice.

The cron job would check to see if the primary MX is reachable, and 
exit if so. A check_recipient_access lookup for the backup domain 
would return "defer" or "defer_if_permit". If the primary MX is not 
available, the access map would be changed to return "dunno".

The cron job continues checking availability of the primary MX, and 
changes the access map back, and optionally runs "postfix flush", 
when the primary MX comes back.

A policy service could do the same thing in real time, without the 
possible delay of the cron job interval. It could also flag clients 
as likely spammers when they attempt to deliver to the backup domain 
while the primary MX is up.

References:
    http://www.postfix.org/SMTPD_ACCESS_README.html
    http://www.postfix.org/access.5.html
    http://www.postfix.org/SMTPD_POLICY_README.html
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

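The policy service described in the message above, as an added example that is not part of the original post or of Postfix itself: it answers `defer_if_permit` for the backup domain while the primary MX greets on port 25, `dunno` otherwise, and records clients that tried the backup while the primary was up. The domain, the MX host, the cache interval and the `suspects` set are assumptions made for illustration.

```python
import socket
import sys
import time

BACKUP_DOMAIN = "example.com"          # assumption: domain we are backup MX for
PRIMARY_MX = ("mx1.example.com", 25)   # assumption: that domain's primary MX
CACHE_SECONDS = 30                     # probe the primary at most this often
mx_state = {"checked": 0.0, "up": True}
suspects = set()                       # clients that used the backup while the primary was up

def probe_primary(timeout=5):
    """True if the primary MX accepts a TCP connection and greets with 220."""
    try:
        with socket.create_connection(PRIMARY_MX, timeout=timeout) as s:
            return s.recv(512).startswith(b"220")
    except OSError:
        return False

def primary_is_up(now=None, probe=probe_primary):
    """Return the cached reachability of the primary, re-probing when the cache is stale."""
    now = time.time() if now is None else now
    if now - mx_state["checked"] >= CACHE_SECONDS:
        mx_state.update(checked=now, up=probe())
    return mx_state["up"]

def decide(attrs, mx_up):
    """Map one policy request (dict of attributes) to an access(5) action."""
    rcpt = attrs.get("recipient", "").lower()
    if not rcpt.endswith("@" + BACKUP_DOMAIN):
        return "dunno"                 # not our backup domain: no opinion
    if mx_up:
        suspects.add(attrs.get("client_address", "unknown"))
        return "defer_if_permit Primary MX is reachable, deliver there"
    return "dunno"                     # primary down: let later restrictions decide

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Policy delegation protocol: name=value lines, an empty line ends each request."""
    attrs = {}
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            name, _, value = line.partition("=")
            attrs[name] = value
        else:
            # the reply is "action=...", followed by an empty line
            print("action=%s\n" % decide(attrs, primary_is_up()), file=stream_out, flush=True)
            attrs = {}

if __name__ == "__main__":
    serve()
```

Postfix would start this through spawn(8) and consult it with `check_policy_service` in the recipient restrictions, as SMTPD_POLICY_README describes.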