----- Original Message ----- From: Noel Jones To: postfix-users@postfix.org Cc: Sent: Wednesday, July 6, 2011 12:25 AM Subject: Re: unverified_recipient_tempfail_action = permit
>To run a policy service on all addresses, add the >check_policy_service directive to your smtpd restrictions at >the point you want the policy to run. No recipient map needed. Ah, I knew there would be a better way to do it >Probably the best approach is to get rid of the secondary MX. > >If you can't do that, seems like a policy service that defers >all mail when the primary is up is a reasonable second choice. >When the primary is down, accept mail for known recipients, >defer the rest. No address verification runs on the >secondary, just a valid recipients table that is periodically >updated. I know I am starting to sound like a broken record but I really think a sensible, clean method to run a secondary mx that is capable of verifying recipients and accepting mail (rather than deferring) with or without the primary being up would be a nice feature to have. A postfix feature like: address_verify_sequence = address_verification_polling, relay_recipient_maps is the best I can come up with but given that I seem to be in the minority here, I guess I'll stop whining and instead go off and have a stab at setting up something with a policy service. I enjoyed the discussion though :) Charlie
