----- Original Message ----- From: Charlie Orford To: Postfix users <postfix-users@postfix.org> Sent: Tuesday, July 5, 2011 10:45 AM Subject: Re: unverified_recipient_tempfail_action = permit
>Hi Wietse, > >Although the address caching should have worked as you describe, we >found that it failed for a number of addresses despite the fact that these >addresses had received email in the last 31 days (most had in fact >received mail in the last 24 hours). > >Here is an excerpt from the log of our secondary mx, taken about two >hours after the primary went down (domains and IPs fudged slightly for >privacy): > >Jul 1 12:46:48 pike postfix/smtpd[18924]: connect from >mo2.mail-out.ovh.net[178.32.228.2] >Jul 1 12:46:48 pike postfix/smtpd[18924]: NOQUEUE: reject: RCPT from >mo2.mail-out.ovh.net[178.32.228.2]: 450 4.1.1 <m...@xxxxxx.com>: Recipient >address rejected: unverified address: lost connection with >mx1.xxxxxx.com[11.12.13.14] while receiving the initial >server greeting; >from=<nico...@yyyyyy.com> to=<m...@xxxxxx.com> proto=ESMTP >helo=<mo2.mail-out.ovh.net> >Jul 1 12:46:48 pike postfix/smtpd[18924]: disconnect from >mo2.mail-out.ovh.net[178.32.228.2] > > >None of the address verification cache settings on either mail server have >been changed from their default (we are using the standard Debian Squeeze >postfix package). > >The only setting directly related to address verification that appears in both >the primary and secondary main.cf is: > >address_verify_map = btree:$data_directory/verify_cache > >The verify_cache file exists on both machines and contains data. > >My conclusion is that either we have misconfigured something or everything >is working as intended but the reason the secondary started deferring email >is because it had never seen these addresses before (as it's cache is obviously >seperate from the primary's cache)? > >If my second conclusion is correct, this situaiton could have been avoided >with >unverified_recipient_tempfail_action=permit (I think). > >Kind Regards, >Charlie Sorry, I should have also included the smtpd_recipient_restrictions for each machine, which are: Primary mailhost: permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_destination reject_unverified_recipient permit_auth_destination Secondary mailhost: permit_mynetworks reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_destination reject_unverified_recipient permit_auth_destination permit_mx_backup Charlie
