-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/5/2011 7:26 AM, Nikolaos Milas wrote: > On 3/9/2011 11:09 μμ, Noel Jones wrote: So, in order to > implement such a solution, would it be sufficient to do > something like the following, on the *gateway* mail server: > > smtpd_recipient_restrictions = permit_mynetworks, > reject_unverified_recipient, reject_unauth_destination
Typically the order would be smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination (local UCE controls) reject_unverified_recipient ie. do the "expensive" recipient verification as late as possible - -- it should always be after "permit_mynetworks, reject_unauth_destination". > > and on the *final destination* (next hop) mail server: > > unverified_recipient_reject_code = 550 Yes. > I guess this is what you mean by "active recipient > verification". Right? Yes. > ...and, if so, I guess we *still* need the directive: > > relay_recipient_maps = > > (empty) ?? Yes, you'll be using reject_unverified_recipient for all your relay_domains, so the explicit listing isn't needed. -- Noel Jones -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOZPZAAAoJEJGRUHb5Oh6gncwH/j8RbF9z0uK8Q0mLk03ll7cS ix+pFl5o8ZEYZZi3HsEZag9kJKpVZkjDJH73m4SCTGW+v69eEyK9oieWoTAYiVv+ XSzaUKzHXqU2eis5NcrJlRZ18j5X65YrZgAaExXULdcwScKRvI6q2x0KVr6E4jIi Jc7AzhNBcy9+z/uMEuFG4ODc2iYOtI0mN9O4LxlbKa5Ql8cbgwxKWIoQuWQHuLOF j/lsWVrQrNKgQLrWjjJfPftyt+iFv1HARJQ8fedpxJPMd3OGdT0zwNF0vP0Vezus hKiAWBasmPdLevWePEvg2olrZlY4adw91JALghaK0gsDSmur8//4gwbd4/NrBQg= =g4f9 -----END PGP SIGNATURE-----