li...@rhsoft.net:
> Hi
>
> why does postfix the sender verification in case of a non existing local
> rcpt instead skip that expensive callout and just reject?
Put reject_unlisted_{sender,recipient} before
reject_unverified_{sender,recipient}.
Wietse
> given that postscreen and other restrictions killing 95% of all junk
> before but my intention is to have the sender callout as last resort
> before the very expensive content-milters which are not called in case
> of a invalid RCPT
> _____________________________________________
>
> Dec 24 21:32:46 localhost policyd-spf[29776]: None; identity=mailfrom;
> client-ip=162.144.123.162; helo=cpanel.tahfeeztc1.info;
> envelope-from=i...@tahfeez-tc1.biz; receiver=malk...@example.com
>
> Dec 24 21:32:46 localhost postfix/qmgr[26503]: 3k75hG64bkz1l: from=<>,
> size=242, nrcpt=1 (queue active)
>
> Dec 24 21:32:51 localhost postfix/smtp[28802]: 3k75hG64bkz1l:
> to=<i...@tahfeez-tc1.biz>,
> relay=mail.tahfeez-tc1.biz[162.144.123.162]:25, delay=4.4,
> delays=0/0/1.8/2.6, dsn=2.0.0, status=deliverable (250 Accepted)
>
> Dec 24 21:32:51 localhost postfix/smtpd[26521]: NOQUEUE: reject: RCPT
> from cpanel.tahfeeztc1.info[162.144.123.162]: 550 5.1.1
> <malk...@example.com>: Recipient address rejected: User unknown in local
> recipient table; from=<i...@tahfeez-tc1.biz> to=<malk...@example.com>
> proto=ESMTP helo=<cpanel.tahfeeztc1.info>
> _____________________________________________
>
> local_recipient_maps = hash:/etc/postfix/local_recipient_maps.cf
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient
> reject_non_fqdn_sender
> reject_unauth_destination
> check_recipient_access hash:/etc/postfix/whitelist_rcpt.cf
> check_helo_access regexp:/etc/postfix/blacklist_helo_uncond.cf
> reject_non_fqdn_helo_hostname
> reject_invalid_helo_hostname
> reject_unknown_sender_domain
> check_recipient_access hash:/etc/postfix/blacklist_rcpt.cf
> check_sender_access hash:/etc/postfix/whitelist_sender.cf
> check_sender_access hash:/etc/postfix/blacklist_sender.cf
> check_sender_access hash:/etc/postfix/spoofing_protection.cf
> check_sender_access regexp:/etc/postfix/blacklist_sender_regex.cf
> reject_unknown_reverse_client_hostname
> check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf
> check_policy_service unix:private/spf-policy
> check_recipient_access hash:/etc/postfix/skip_ptr.cf
> permit_dnswl_client wl.mailspike.net
> permit_dnswl_client list.dnswl.org
> permit_dnswl_client iadb.isipp.com
> permit_dnswl_client sa-accredit.habeas.com
> permit_dnswl_client dnswl.inps.de
> permit_dnswl_client swl.spamhaus.org
> permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.1
> check_helo_access regexp:/etc/postfix/blacklist_helo.cf
> check_reverse_client_hostname_access regexp:/etc/postfix/blacklist_ptr.cf
> reject_unverified_sender
>
