----- Original Message ----- From: Wietse Venema To: Postfix users <postfix-users@postfix.org> Sent: Tuesday, July 5, 2011 6:46 PM Subject: Re: unverified_recipient_tempfail_action = permit
>>Charlie Orford: >> I will run the tests and get the output for you later tonight but my >> suspicion >> is that there was likely nothing wrong with the address cache, just that >> a lot of addresses had never been probed by the secondary mx as the >> primary mx is up virtually 99.9% of the time. > >In that case, a hypothetical "tempfail_action = permit" would be >99.9% identical to setting up a backup MX without any recipient >validation and refusing all mail as long as the primary MX reponds. > >If there's something missing in Postfix, them that is what should >be added (refusing mail if the primary responds). > > Wietse That sounds like it would be functionally equivalent to "tempfail_action = permit". The only negative scenario I can think of with this approach is if a sending mta happens to be using a broken (or out of date) DNS cache and as a result can't resolve / communicate with the primary mx but then tries the secondary (which might be served by a different NS for which it can get a valid A record) only to find the secondary refuses the connection. Charlie
