On 04/19/2013 12:07 AM, Stan Hoeppner wrote: > On 4/18/2013 4:26 AM, Mikael Bak wrote: >> Hi Josef, >> >> On 04/18/2013 11:06 AM, Josef Karliak wrote: >>> Good morning, >>> our outgoing smtp server gets into a backscatter blacklist. When I >>> checked my logs, there were only one mailer daemon email to some server >>> in the time that is mentioned on the backscatter web. >>> In all servers in the way of the email (incoming MX->antispam server-> >>> our imap server) has unknown_local_recipient_reject_code = 550. >>> What else could I do ? There could be one thing - incoming MX accept >>> all emails for our domain, he doesn't know our aliases. The mail is send >>> to antispam and when antispam wanna sent the email to imap server and >>> the target email address doesn't exists, it has 550 error and it is send >>> away by our antispam server (it is our outgoing server). >>> So, is this all wrong ? We decided to have more servers because of >>> loading reasons (we've daily up to 15 000 emails, but there were a 60 >>> 000 peak) >> >> You can have "reject_unverified_recipient" on the MX to check the IMAP >> server if the email address exists before accepting it. > > > To be clear Josef, reject_unverified_recipient performs recipient > address verification via an SMTP RCPT TO test. See: > http://www.postfix.org/postconf.5.html#reject_unverified_recipient > > You state your MX Postfix server relays all mail to the AS appliance > which accepts everything regardless of recipient address, which is why > you're in trouble currently. Verification queries will be sent to the > AS box, so reject_unverified_recipient will not work in your setup.
Last time I read ADDRESS_VERIFICATION_README, I noticed that this isn't true: you can route your probes to the final delivery machine while leaving the current delivery mechanism intact: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#probe_routing > > To fix your problem you must have some form of recipient validation at > the MX so it only accepts mail for valid mailbox addresses and rejects > mail to invalid addresses. You have a couple of options: > > 1. Export the valid recipient list from the mailbox server to the MX > server with one address per line in a text file. Create an access table > from this file with OK action. Use check_recipient_access: > http://www.postfix.org/postconf.5.html#check_recipient_access > > 2. Implement an LDAP or mysql database containing valid addresses. > This can be used with check_recipient_access, local_recipient_maps, > virtual_mailbox_maps, etc. For implementation details of each see: > http://www.postfix.org/postconf.5.html >
signature.asc
Description: OpenPGP digital signature
