Thanks Victor. This is exactly what I was looking for. Thanks Noel: yes, I messed up and wrote the wrong parameter. Yes, reject_unknown_recipient_domain is what I meant. But thanks for the additional details.
Thanks li...@rhsoft.net: I didn't make it clear that I was referring to outgoing, not incoming. Hence the reference to DNS. But thanks for responding. I've got what I need, now. Thanks all. Michael > -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Viktor Dukhovni > Sent: Monday, January 19, 2015 12:43 PM > To: postfix-users@postfix.org > Subject: Re: Recipient address rejected: Domain not found > > On Mon, Jan 19, 2015 at 12:12:34PM -0800, Michael Fox wrote: > > > 450 4.1.2 <u...@nohow.noway.org>: Recipient address rejected: Domain not > found > > Turn off the default safety net, I have: > > unknown_address_reject_code = 550 > unknown_client_reject_code = 550 > unknown_hostname_reject_code = 550 > unverified_recipient_reject_code = 550 > unverified_sender_reject_code = 550 > > I've left plaintext_reject_code at its default value. See: > > http://www.postfix.org/postconf.5.html#unknown_address_reject_code > http://www.postfix.org/postconf.5.html#unknown_client_reject_code > http://www.postfix.org/postconf.5.html#unknown_hostname_reject_code > > http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code > http://www.postfix.org/postconf.5.html#unverified_sender_reject_code > > > What seems reasonable to me is the following: > > > > -- If postfix receives a response from DNS that the domain does not > exist, > > then reject with 550 > > That's the behaviour without the safety net. > > > -- Otherwise, delay with 450 (DNS failure, etc.) > > > > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient says > one > > can use unverified_recipient_reject_code to change the 450 (temporary) > > failure to a 550 (permanent) failure "when you trust Postfix's > judgments". > > The reject_code's should be changed in production systems once the > configuration is otherwise correct. > > > As a newbie, I'm cautious about changing values from their default > because > > I'm sure the default was chosen for a reason. > > In this case an initial deployment safety net, that should be removed once > the configuration is believed correct. > > > 1) Can someone explain what "when you trust Postfix's judgments" means, > > specifically? > > Your DNS is not broken. Your main.cf settings are not broken. > > > 2) What do you gurus do/recommend with > "unverified_recipient_reject_code"? > > See above. > > > 3) If you do recommend changing "unverified_recipient_reject_code" to > 550, > > is there anything to watch out for? > > Rejection of mail you wanted accepted, but the best time to watch > out for that is while the safety net is still in place. > > -- > Viktor.
