On 7/5/2011 4:00 PM, Charlie Orford wrote: > For the above to work, I assume you could give check_recipient_access a > table containing: *@ on the left and the policy script on the right (i.e. to > force it > to fire the policy script for every recipient). Not sure if that actually > works or is > the best way to do it.
To run a policy service on all addresses, add the check_policy_service directive to your smtpd restrictions at the point you want the policy to run. No recipient map needed. To run a policy service on selected recipient domains, use a recipient access map with the domain as the lookup key and the policy service as the result. man 5 access for details. > > The only irritant is that this would result in an extra poll to the primary > mx over > and above the normal address verification polls. Probably the best approach is to get rid of the secondary MX. If you can't do that, seems like a policy service that defers all mail when the primary is up is a reasonable second choice. When the primary is down, accept mail for known recipients, defer the rest. No address verification runs on the secondary, just a valid recipients table that is periodically updated. -- Noel Jones
