Wolfgang & Noel

Thanks for your response and you both make some good points.

The intent of using reject_unverified_recipient, as I understood it, was that it would probe the associated relay server and if the message bounced then my relay server would bounce the message for that address for the next 24 hours vs constantly sending the messages on and getting those bounced.

"reject_unverified_recipient
Reject the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details."

Not sure why it was not working as desired but the solution I have implemented seems to be working as desired. In short I was trying to get my bounced message count down to prevent from having an issue with Google or other ISPs flagging my servers for an excessive bounce count. In checking the week of March 2-9th the count was just over 500k and was accounting for about 29% of all messages through my servers. In checking the past 12 hours I am now only averaging about 50 messages per hour bounced or about 1.7% of my prior bounce count.

I have settled on the following configuration, but am still open to ideas.

smtpd_relay_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/blacklist_recipient, permit_mynetworks, reject

As previously stated I would drop the machines in question which are responsible for the bad messages but was told there are some valid messages getting through and being that we no longer have support on the systems I had to fix the issue at the relay server.

Thanks again,

Blake





On 03/10/2014 02:49 PM, Wolfgang Zeikat wrote:
In an older episode, on 2014-03-10 21:32, Blake wrote:

In short I have several systems sending emails to invalid addresses
which are bounced by Google.  I would like to reject the messages at the
postfix system using an access list.

I thought this configuration would work but it is not having the desired
effect.

smtpd_relay_restrictions = permit_mynetworks, check_recipient_access
hash:/etc/postfix/blacklist_recipient, reject_unverified_recipient, reject

If the systems in question are in $mynetworks, that would allow them to send all mails before /etc/postfix/blacklist_recipient is checked.

In that case, you should put
check_recipient_access hash:/etc/postfix/blacklist_recipient
_before_
permit_mynetworks
IMHO.


I have also tried without any success.
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/blacklist_recipient
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions says:
"Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions."

If I am not mistaken, that means that
permit_mynetworks (from your smtpd_relay_restrictions) would match before your smtpd_recipient_restrictions would be considered.

Hope this helps,

wolfgang
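The evaluation order discussed in this thread, as an added example that is not part of the original messages: a small Python model of how Postfix evaluates RCPT TO restrictions. Each list is read left to right until a restriction gives a decision, smtpd_relay_restrictions is evaluated before smtpd_recipient_restrictions, and a REJECT from either list is final. The network, the addresses and the table contents are constructed sample values, and the map argument of check_recipient_access and the probe done by reject_unverified_recipient are not modelled.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Stands in for hash:/etc/postfix/blacklist_recipient.
BLACKLIST = {"gone@example.com": "REJECT"}

def check(name, client_ip, rcpt):
    """Return 'PERMIT', 'REJECT' or None (no decision) for one restriction."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(client_ip)
        return "PERMIT" if any(ip in net for net in MYNETWORKS) else None
    if name == "check_recipient_access":
        return BLACKLIST.get(rcpt.lower())
    if name == "reject_unverified_recipient":
        return None  # simplification: the address probe is not modelled
    if name == "reject":
        return "REJECT"
    raise ValueError(f"restriction not modelled: {name}")

def eval_list(restrictions, client_ip, rcpt):
    """First decisive restriction wins; the end of a list counts as PERMIT."""
    for name in restrictions:
        result = check(name, client_ip, rcpt)
        if result:
            return result, name
    return "PERMIT", "end of list"

def rcpt_to(config, client_ip, rcpt):
    """Relay list first, then recipient list; a REJECT in either is final."""
    for param in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        result, by = eval_list(config.get(param, []), client_ip, rcpt)
        if result == "REJECT":
            return "REJECT", f"{param}: {by}"
    return "PERMIT", None

# First attempt from the thread: permit_mynetworks sits ahead of the table lookup.
ORIGINAL = {"smtpd_relay_restrictions": [
    "permit_mynetworks", "check_recipient_access",
    "reject_unverified_recipient", "reject"]}
# Configuration the poster settled on: the table lookup comes first in its list.
FINAL = {"smtpd_relay_restrictions": ["permit_mynetworks", "reject"],
         "smtpd_recipient_restrictions": [
             "check_recipient_access", "permit_mynetworks", "reject"]}

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("final", FINAL)):
        print(label, rcpt_to(cfg, "192.0.2.10", "gone@example.com"))
```

With the first configuration a client inside mynetworks is permitted before the table is ever consulted; with the final one the same client and recipient are rejected by check_recipient_access.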


