> Configurable, perhaps. But it would a mistake to make this the > default strategy. > > That would make Postfix vulnerable to a trivial denial of service > attack where one bad recipient can block all mail for all other > recipients at that same site.
Not if it could me parametrized. As I said, what if we get 100 errors in sequence? Keep trying to deliver another 10k emails knowing that you're not allowed to send email at this time is more like a DoS attack. We're consuming server's resource when we shouldn't connect to them at all. > > Imagine if I could block all mail for gmail.com in this manner. > > If I understand correctly, your proposal is to treat all 4xx and > 5xx delivery errors the same as a failure to connect error. No thats not what I meant. What I said is that would be nice to have a way to configure specific errors to put the queue on hold for those destinations which we're unable to connect at the time. > > Wietse Rafael
