On May 10, 2012, at 14:40, James Seymour wrote: > On Wed, 09 May 2012 01:22:27 +0200 > Benny Pedersen <m...@junc.org> wrote: > >> Den 2012-05-08 15:43, Jona - DTNX Postmaster skrev: >> >>> The '550 ... rejected:' is Postfix, the rest is the reply Postfix >>> got from the SPF policy daemon. Customizing that reply may be >>> another option to clarify what is happening. >> >> reject_unlisted_recipient before greylist / spf test solves this >> > > Eh? Explain, please?
I think Benny assumed that the address in my example was the actual address, instead of my 'xxx' obfuscated version of it. The real address does exist, which means the above does not apply, AFAIK. As for the question itself, we had a look at moving the SPF check into the sender restrictions, but it makes things quite a bit more complicated, and therefore harder to maintain, more prone to errors and so on. Also, since the SPF policy daemon does both HELO and sender checks, the sender restrictions aren't really optimal either, so we're keeping everything in the recipient restrictions. People tend to be confused by SPF anyway. Most of our time with complaints based on SPF rejections is spent explaining what it is, how it is published by them (or their provider) and so on. If they even read the error message to begin with, heh. Cya, Jona
