Re: correct rejection/error response when using remote address verification?

Wed, 23 Mar 2016 12:40:02 -0700 

Re-reading the docs and my configs I caught an issue -- similarly named params 
that I hadn't realized as being different.

If my main.cf I had

        smtpd_recipient_restrictions =
          reject_non_fqdn_recipient
          reject_unauth_pipelining
          reject_non_fqdn_recipient
          reject_unknown_recipient_domain
          permit_sasl_authenticated
          permit_mynetworks
          reject_unlisted_recipient

If I add

        smtpd_recipient_restrictions =
          reject_non_fqdn_recipient
          reject_unauth_pipelining
          reject_non_fqdn_recipient
          reject_unknown_recipient_domain
          permit_sasl_authenticated
          permit_mynetworks
        + reject_unverified_recipient
          reject_unlisted_recipient

now, the remote address verification IS occurring in the postscreen stage, and 
it looks like it's being correctly rejected now

        Mar 23 12:29:28 mail1 postfix/postscreen[31437]: CONNECT from 
[209.85.192.169]:32793 to [173.255.249.242]:25
        Mar 23 12:29:34 mail1 postfix/postscreen[31437]: PASS OLD 
[209.85.192.169]:32793
        Mar 23 12:29:34 mail1 postfix/psint/smtpd[31442]: connect from 
mail-pf0-f169.google.com[209.85.192.169]
        Mar 23 12:29:36 mail1 postfix/cleanup[31451]: 3qVflN0Htkz2wX3: 
message-id=<3qvfln0htkz2...@mail1.example.com>
        Mar 23 12:29:36 mail1 postfix/qmgr[31293]: 3qVflN0Htkz2wX3: 
from=<double-bounce3...@mail1.example.com>, size=246, nrcpt=1 (queue active)
        Mar 23 12:29:36 mail1 postfix/addressverify/smtp[31452]: 
3qVflN0Htkz2wX3: to=<noex...@example.com>, 
relay=mail2.example.com[10.46.1.121]:25, delay=0.67, delays=0.01/0.01/0.55/0.1, 
dsn=5.1.1, status=undeliverable (host mail2.example.com[10.46.1.121] said: 550 
5.1.1 <noex...@example.com>: Recipient address rejected: example.com (in reply 
to RCPT TO command))
        Mar 23 12:29:36 mail1 postfix/qmgr[31293]: 3qVflN0Htkz2wX3: removed
        Mar 23 12:29:39 mail1 postfix/psint/smtpd[31442]: NOQUEUE: reject: RCPT 
from mail-pf0-f169.google.com[209.85.192.169]: 550 5.1.1 <noex...@example.com>: 
Recipient address rejected: undeliverable address: Recipient address unknown; 
from=<j...@gmail.com> to=<noex...@example.com> proto=ESMTP 
helo=<mail-pf0-f169.google.com>
        Mar 23 12:29:39 mail1 postfix/psint/smtpd[31442]: disconnect from 
mail-pf0-f169.google.com[209.85.192.169] ehlo=2 starttls=1 mail=1 rcpt=0/1 
data=0/1 quit=1 commands=5/7

So I went back to re-read

        http://www.postfix.org/ADDRESS_VERIFICATION_README.html

which doesn't list reject_unlisted_recipient at all.

I finally found both

        reject_unverified_recipient
        reject_unlisted_recipient

at http://www.postfix.org/postconf.5.html, but I just can't grasp the 
difference.

Can someone clarify the difference between those 2, particularly in the context 
of remote address verification?

Reply via email to