Wietse Venema:
> Wietse Venema:
> > The implicit "unknown recipient" test at the end is not part of
> > smtpd_recipient_restrictions, and this implicit test currently does
> > not play along with any defer_if features requested from within
> > smtpd_recipient_restrictions.
>
> I finally had some time to check this. It seems that "defer_if_reject"
> works as usual. The implicit "reject_unlisted_recipient" at the end
> of smtpd_recipient_restrictions will defer mail thanks to massive
> code reuse inside Postfix:
>
> % postconf smtpd_recipient_restrictions
> smtpd_recipient_restrictions = reject_unauth_destination,defer_if_reject
> % postfix reload
> postfix/postfix-script: refreshing the Postfix mail system
> % telnet 127.0.0.1 smtp
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 bristle.watson.ibm.com ESMTP Postfix
> mail from:wietse
> 250 2.1.0 Ok
> rcpt to:AKJDK@localhost
> 450 4.7.0 <AKJDK@localhost>: Recipient address rejected: defer_if_reject
> requested
>
> I get the same result by adding an explicit "reject_unlisted_recipient"
> after "defer_if_reject" in the example above.
To soft-reject unknown recipients in selected domains, in mail from
clients outside the local network, request defer_if_reject at the end
of smtpd_recipient_restrictions:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
...
reject_unauth_destination
...
check_recipient_access hash:/etc/postfix/final_rcpt_access
/etc/postfix/final_rcpt_access:
example.com defer_if_reject
This is approximately the solution that Rob0 proposed.
You could drop "permit_mynetworks" when this service is not
used for original submissions.
Wietse
