----- Original Message -----
From: Noel Jones
To: postfix-users@postfix.org
Cc:
Sent: Tuesday, July 5, 2011 8:49 PM
Subject: Re: unverified_recipient_tempfail_action = permit
>Maybe a compromise?
>How about running on the main MX
>postmap -s btree:/path/verify | grep ':250 ' > file
>
>and then export file as a relay_recipients map on the relay.
>
>Automate this to run periodically.
>
>Hmm, probably need to stop postfix on the main MX for a few
>seconds to run this, probably once a week would be sufficient
>to get the active users.
>
>
> -- Noel Jones

I like this idea but perhaps instead of using relay_recipients_map,
the backup mx could call a policy service via check_recipient_access,
which checks the status of the primary and, if it is down, uses the list
provided by postmap -s btree:/path/verify | grep ':250 ' to verify users.
If the primary is up, it would just respond DUNNO to any request and let the
secondary mx continue to verify users via normal address verification polling.

This way you have the best of all worlds: secondary mx uses up to date
address verification most of the time and, if the primary goes down, it falls
back to a list of "known" good recipients (which is rsynced from the primary
every x days) and thus produces no backscatter. There may be a tiny
handful of addresses that result in deferral messages (depending on
how frequently new addresses are added to the primary) but this isn't so bad.

For the above to work, I assume you could give check_recipient_access a
table containing: *@ on the left and the policy script on the right (i.e. to
force it to fire the policy script for every recipient). Not sure if that
actually works or is the best way to do it.

The only irritant is that this would result in an extra poll to the primary mx
over and above the normal address verification polls.

Another idea that would give you the same result as above (but avoid the extra
poll) might be to introduce a way to tell postfix in which sequence it should
perform address verification e.g.

address_verify_sequence = address_verification_polling, relay_recipient_maps

Postfix would try polling the primary first and, only if that failed, check if
the recipient is listed in relay_recipient_maps. If they wanted, the user could
then write a cron script to rebuild the recipient_maps db periodically (e.g. by
taking the output of postmap -s btree:/path/verify | grep ':250 ' from the
primary).

Charlie
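
The fallback idea from the message above, as an added example that is not code from the thread: a Python policy delegate that answers DUNNO while the primary accepts connections and consults the exported ':250 ' list only when it does not. It assumes Postfix calls it through check_policy_service (the policy delegation interface) placed after reject_unauth_destination, a tab-separated `postmap -s` dump whose value is laid out as status:probed:updated:text, and constructed sample addresses; answering DEFER_IF_PERMIT for unlisted recipients is this example's choice.

```python
import socket
import sys

# Constructed sample of `postmap -s` output; the value layout is an assumption.
SAMPLE_DUMP = ("alice@example.com\t0:0:1309896000:250 2.1.5 Ok\n"
               "bob@example.com\t2:0:1309896000:550 5.1.1 User unknown\n")

def load_known_good(dump_text):
    """Keep addresses whose cached reply text starts with 250 (the grep ':250 ')."""
    good = set()
    for line in dump_text.splitlines():
        key, sep, value = line.partition("\t")
        fields = value.split(":", 3)  # status, probed, updated, text
        if sep and len(fields) == 4 and fields[3].startswith("250 "):
            good.add(key.strip().lower())
    return good

def parse_request(lines):
    """name=value lines of one policy request -> dict."""
    pairs = (line.rstrip("\n").partition("=") for line in lines)
    return {name: value for name, sep, value in pairs if sep}

def primary_is_up(host, port=25, timeout=5.0):
    # The "extra poll": can a TCP connection to the primary MX be opened?
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def decide(attrs, primary_up, known_good):
    if primary_up:
        return "DUNNO"  # fall through to normal address verification
    if attrs.get("recipient", "").lower() in known_good:
        return "OK"     # listed as deliverable in the last export
    return "DEFER_IF_PERMIT Recipient cannot be verified right now"

def serve(known_good, is_up, stdin=sys.stdin, stdout=sys.stdout):
    """Answer policy requests; a blank line ends each request and each reply."""
    request = []
    for line in stdin:
        if line.strip():
            request.append(line)
            continue
        action = decide(parse_request(request), is_up(), known_good)
        print("action=%s\n" % action, file=stdout, flush=True)
        request = []
```

In production `is_up` would be something like `lambda: primary_is_up("mx1.example.com")`, where the hostname is a placeholder.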