Am 24.12.2014 um 22:01 schrieb Wietse Venema:
li...@rhsoft.net:
why does postfix the sender verification in case of a non existing local
rcpt instead skip that expensive callout and just reject?
Put reject_unlisted_{sender,recipient} before
reject_unverified_{sender,recipient}.
ah - thanks!
i guess it's a good idea to list that as early as possible
relay domains where we don't know the local RCPT list are verified with
"check_recipient_access" in "smtpd_relay_restrictions" are listed in
"local_recipient_maps" in any case as wildcard
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unauth_destination
reject_unlisted_recipient
smtpd_relay_restrictions =
reject_unauth_destination
check_recipient_access hash:/etc/postfix/skip_rcpt_vrfy.cf
reject_unverified_recipient
given that postscreen and other restrictions killing 95% of all junk
before but my intention is to have the sender callout as last resort
before the very expensive content-milters which are not called in case
of a invalid RCPT
_____________________________________________
Dec 24 21:32:46 localhost policyd-spf[29776]: None; identity=mailfrom;
client-ip=162.144.123.162; helo=cpanel.tahfeeztc1.info;
envelope-from=i...@tahfeez-tc1.biz; receiver=malk...@example.com
Dec 24 21:32:46 localhost postfix/qmgr[26503]: 3k75hG64bkz1l: from=<>,
size=242, nrcpt=1 (queue active)
Dec 24 21:32:51 localhost postfix/smtp[28802]: 3k75hG64bkz1l:
to=<i...@tahfeez-tc1.biz>,
relay=mail.tahfeez-tc1.biz[162.144.123.162]:25, delay=4.4,
delays=0/0/1.8/2.6, dsn=2.0.0, status=deliverable (250 Accepted)
Dec 24 21:32:51 localhost postfix/smtpd[26521]: NOQUEUE: reject: RCPT
from cpanel.tahfeeztc1.info[162.144.123.162]: 550 5.1.1
<malk...@example.com>: Recipient address rejected: User unknown in local
recipient table; from=<i...@tahfeez-tc1.biz> to=<malk...@example.com>
proto=ESMTP helo=<cpanel.tahfeeztc1.info>
_____________________________________________
local_recipient_maps = hash:/etc/postfix/local_recipient_maps.cf
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unauth_destination
check_recipient_access hash:/etc/postfix/whitelist_rcpt.cf
check_helo_access regexp:/etc/postfix/blacklist_helo_uncond.cf
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
reject_unknown_sender_domain
check_recipient_access hash:/etc/postfix/blacklist_rcpt.cf
check_sender_access hash:/etc/postfix/whitelist_sender.cf
check_sender_access hash:/etc/postfix/blacklist_sender.cf
check_sender_access hash:/etc/postfix/spoofing_protection.cf
check_sender_access regexp:/etc/postfix/blacklist_sender_regex.cf
reject_unknown_reverse_client_hostname
check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf
check_policy_service unix:private/spf-policy
check_recipient_access hash:/etc/postfix/skip_ptr.cf
permit_dnswl_client wl.mailspike.net
permit_dnswl_client list.dnswl.org
permit_dnswl_client iadb.isipp.com
permit_dnswl_client sa-accredit.habeas.com
permit_dnswl_client dnswl.inps.de
permit_dnswl_client swl.spamhaus.org
permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.1
check_helo_access regexp:/etc/postfix/blacklist_helo.cf
check_reverse_client_hostname_access regexp:/etc/postfix/blacklist_ptr.cf
reject_unverified_sender
