-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/5/2011 7:26 AM, Nikolaos Milas wrote:
> On 3/9/2011 11:09 μμ, Noel Jones wrote: So, in order to
> implement such a solution, would it be sufficient to do
> something like the following, on the *gateway* mail server:
> 
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unverified_recipient, reject_unauth_destination

Typically the order would be
smtpd_recipient_restrictions =
  permit_mynetworks
  reject_unauth_destination
  (local UCE controls)
  reject_unverified_recipient

ie. do the "expensive" recipient verification as late as possible
- -- it should always be after "permit_mynetworks,
reject_unauth_destination".


> 
> and on the *final destination* (next hop) mail server:
> 
> unverified_recipient_reject_code = 550

Yes.

> I guess this is what you mean by "active recipient
> verification". Right?

Yes.

> ...and, if so, I guess we *still* need the directive:
> 
> relay_recipient_maps =
> 
> (empty) ??

Yes, you'll be using reject_unverified_recipient for all your
relay_domains, so the explicit listing isn't needed.


  -- Noel Jones
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOZPZAAAoJEJGRUHb5Oh6gncwH/j8RbF9z0uK8Q0mLk03ll7cS
ix+pFl5o8ZEYZZi3HsEZag9kJKpVZkjDJH73m4SCTGW+v69eEyK9oieWoTAYiVv+
XSzaUKzHXqU2eis5NcrJlRZ18j5X65YrZgAaExXULdcwScKRvI6q2x0KVr6E4jIi
Jc7AzhNBcy9+z/uMEuFG4ODc2iYOtI0mN9O4LxlbKa5Ql8cbgwxKWIoQuWQHuLOF
j/lsWVrQrNKgQLrWjjJfPftyt+iFv1HARJQ8fedpxJPMd3OGdT0zwNF0vP0Vezus
hKiAWBasmPdLevWePEvg2olrZlY4adw91JALghaK0gsDSmur8//4gwbd4/NrBQg=
=g4f9
-----END PGP SIGNATURE-----

Reply via email to