> Wietse : > You can push the problem back to the webservers, by using the the > Postfix SMTP server's "reject_unverified_recipient" feature. > > With this, Postfix will make one connection for the recipient > address, and then the Postfix SMTP server answers with 5XX to the > web application when that recipient does not exist. > > There are no repeated connections, because Postfix stores the results > in a cache (both positive and negative).
Very nice, that way the customer website would get a bounce the second time it sends to an invalid address. > Noel : > Consider how the website might react when mail is rejected. I don't > suppose they'll all show the end user a helpful message about a bad > address. Probably need to work with your customers on this so there > are no surprises. That's would not be my problem anymore :) Customer should then put some code to handle bounce or better to verify email at subscription time. > Wietse : > For details: http://www.postfix.org/ADDRESS_VERIFICATION_README.html > > You'll have to adjust some settings so that Postfix replies with > 5xx (by default it replies with 4xx to be on the safe side). I read carefully "Limitations of address verification" and I would limit scope to those particular accounts which doesn't care about email verification. I already isolated them in a transport map to use a dedicated IP : # main.cf sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport $ cat /etc/postfix/sender_transport website_sen...@domain1.com out_transactionnal: website_sen...@domain2.com out_transactionnal: # master.cf out_transactionnal unix - - n - - smtp -o smtp_bind_address=188.165.xx.xx -o syslog_name=postfix-transactionnal Should I apply address verification this way : # master.cf out_transactionnal unix - - n - - smtp -o smtp_bind_address=188.165.xx.xx -o syslog_name=postfix-transactionnal -o smtpd_recipient_restrictions=reject_unverified_recipient Would it break something to override this way ? (Would it break my submission override "-o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject" ?) Thanks.
