On 6/11/2015 5:49 AM, Mick wrote: > Good morning, > > > I have found 'reject_unverified_sender' superb at reducing the > number of SPAM messages getting though. I've set up a whitelist for > those few trusted senders or domains where their dopey mail servers' > don't comply. I do have a minor problem with mail servers that do > comply, but apply greylisting. > > Originally I omitted 'address_verify_negative_cache =no' from > main.cf. This defaults to 'yes' and sender verification failures > were cached saving a constantly chattering probe relay. > Unfortunately it would appear that this method also caches temporary > errors too (those also being a fail), so when I receive a 471 as > part of a greylisting policy, that message won't be delivered. > Postfix will reject when remote server re-attempts to deliver > relying on its cache from the first attempt rather than sending > another dummy message. I have now set the negative cache to 'no' > meaning a retry for every incoming message that hasn't passed > address verification. It is either that or adding all domain that > use greylisting to the whitelist. > > Does anyone know if there's a way to exempt / prevent 471 (or other > temporary reject codes) from being cached? >
The best solution is to not attempt to verify external senders. Many sites will consider this abuse and blacklist you. -- Noel Jones
