Daniel Hopkirk - RandomInsanity:
> Hi Guys,
>
> Thanks Wietse for your comments, you confirmed what I assumed but couldn't
> afford to assume!
>
> And thanks for your thoughts Bennett. I'm happy to say that the key points
> you mentioned are ones we have already given thought as part of our general
> planning.
>
> I've been progressing following your comments and have made good progress
> but have hit a road block that I'm hoping someone can spot what I'm missing.
>
> The short issue is that although we're using 'reject_unverified_recipients'
> and have set 'unverified_recipient_reject_code = 550', mail is still
> continuing and going through greylisting (returning 450 to client) and not
> until greylisting is over is it rejecting the email back to the client. The
Your 550 reply code applies IF AND ONLY IF the downstream server
rejects the recipient.
In your case, the answer is determined by the setting of
unverified_recipient_tempfail_action.
reject_unverified_recipient
Reject the request when mail to the RCPT TO address is known to
bounce, or when the recipient address destination is not reach-
able. Address verification information is managed by the ver-
ify(8) server; see the ADDRESS_VERIFICATION_README file for
details.
The unverified_recipient_reject_code parameter specifies the
numerical response code when an address is known to bounce
(default: 450, change into 550 when you are confident that it is
safe to do so).
The unverified_recipient_defer_code parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450).
>>> The unverified_recipient_tempfail_action parameter specifies the
>>> action after address probe failure due to a temporary problem
>>> (default: defer_if_permit).
This feature is available in Postfix 2.1 and later.
Ignoring the confusing text (and corresponding implementation) the
up-shot is that either your address probe is still in flight, the
down-stream server is unavailable, or the down-stream server replied
with 4XX.
In all those cases you don't want to 5XX reject the recipient
because the address may still be good. With defer_if_permit, Postfix
looks for other reasons to hard reject the recipient, hence the
greylist and other checks.
Wietse
