On Tue, Mar 27, 2012 at 09:43:27PM -0400, Wietse Venema wrote: > Wietse Venema: > > /dev/rob0: > > > On Tue, Mar 27, 2012 at 04:10:59PM -0500, I wrote: > > > > On Tue, Mar 27, 2012 at 10:21:14PM +0200, Sebastian Wiesinger wrote: > > > > > I have a setup with handles a few virtual domains. For one domain > > > > > only I want mails not to be rejected with an 5xx error code but be > > > > > deferred with a 4xx error code. Is that possible? > > > > > > > > main.cf : > > > > smtpd_client_restrictions = check_recipient_access > > > > hash:/etc/postfix/deferred_recipient[, ... ] > > > > > > > > deferred_recipient : > > > > > > > > example.com defer_if_reject > > > > [ ... ] > > > > > > That of course turns any rejection which comes after this restriction > > > into a deferral, and that's not quite what you said you want. There > > > are ways to apply it only to unknown recipients. I would move any > > > spam-blocking restriction to smtpd_client_restrictions, after any > > > necessary permit_* restrictions and before check_recipient_access. > > > Then the unknown recipient rejection, which happens in > > > smtpd_recipient_restrictions, will be subject to defer_if_reject. > > > > You will need to specify an explicit "reject_unknown_recipient" at
(typo: "reject_unlisted_recipient") > > the end of smtpd_recipient_restrictions. > > It would be worthwhile if someone can check if this is needed. This is interesting. In my preliminary tests, the defer_if_reject does not work, neither with nor without reject_unlisted_recipient specified. It seems that the explicit test is also not playing along. Client restrictions find the defer_if_reject, and in recipient restrictions, reject_unlisted_recipient calls >>> CHECKING RECIPIENT MAPS <<<. The address I tried was an unlisted virtual alias where the domain was in virtual_alias_domains. The following verbose log excerpt shows from smtpd_client_restrictions through the end of smtpd connection, with defer_if_reject as above and reject_unlisted_recipient in smtpd_recipient_restrictions. Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> START Client host RESTRICTIONS <<< Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=check_recipient_access Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_mail_access: non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing entry key non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_access: non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_domain_access: example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_table_result: hash:/etc/postfix/defer_unknown defer_if_reject example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=check_recipient_access status=0 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> END Client host RESTRICTIONS <<< Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> START Recipient address RESTRICTIONS <<< Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=permit_mynetworks Mar 27 23:53:05 chestnut postfix/smtpd[16757]: permit_mynetworks: localhost 127.0.0.1 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_hostname: localhost ~? 192.168.8.0/22 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_hostaddr: 127.0.0.1 ~? 192.168.8.0/22 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: localhost: no match Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: 127.0.0.1: no match Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=permit_mynetworks status=0 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=reject_unauth_destination Mar 27 23:53:05 chestnut postfix/smtpd[16757]: reject_unauth_destination: non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: permit_auth_destination: non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing entry key non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=reject_unauth_destination status=0 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=reject_unlisted_recipient Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> CHECKING RECIPIENT MAPS <<< Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing entry key non...@example.com Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: recipient_canonical_maps: non...@example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 'example.com' Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: no match Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: recipient_canonical_maps: @example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: non...@example.com -> (not found) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: canonical_maps: non...@example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 'example.com' Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: no match Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: canonical_maps: @example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: non...@example.com -> (not found) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: /etc/postfix/query/maps-valias.query: Searching with query SELECT TA.localpart || (CASE WHEN VA.extension IS NOT NULL? THEN '-' || VA.extension ELSE '' END) ||? (CASE WHEN TD.id=0 THEN '' ELSE '@' || TD.name END)?FROM Alias AS VA? JOIN Address AS TA ON (VA.target = TA.id)? JOIN Domain AS TD ON (TA.domain = TD.id)? JOIN Address AS AA ON (VA.address = AA.id)? JOIN Domain AS AD ON (AA.domain = AD.id)?WHERE AA.localpart || '@' || AD.name IS 'non...@example.com'?AND VA.active!=0 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: virtual_alias_maps: non...@example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 'example.com' Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: no match Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: /etc/postfix/query/maps-valias.query: Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: virtual_alias_maps: @example.com: not found Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: non...@example.com -> (not found) Mar 27 23:53:05 chestnut postfix/smtpd[16757]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <non...@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<r...@example.com> to=<non...@example.com> proto=ESMTP helo=<localhost> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=reject_unlisted_recipient status=2 Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mac_parse: See your own postmaster for help, or?http://nospam4.nodns4.us/ for more information about the?policies of this site. Mar 27 23:53:05 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 550-5.1.1 <non...@example.com>: Recipient address rejected: User unknown in virtual alias table Mar 27 23:53:05 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 550 5.1.1 See your own postmaster for help, or?http://nospam4.nodns4.us/ for more information about the?policies of this site. Mar 27 23:53:05 chestnut postfix/smtpd[16757]: watchdog_pat: 0x721200 Mar 27 23:53:13 chestnut postfix/smtpd[16757]: < localhost[127.0.0.1]: quit Mar 27 23:53:13 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 221 2.0.0 Bye It's late ... past my bedtime ... and I might have made a mistake. I'll try it again tomorrow. > > The implicit "unknown recipient" test at the end is not part of > > smtpd_recipient_restrictions, and this implicit test currently does > > not play along with any defer_if features requested from within > > smtpd_recipient_restrictions. > > > > I suppose this could (should) be changed without breaking things, > > but making this 100% safe will take half a day and I don't have > > that time at the moment. > > > > Wietse > > -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
