On 01/03/18 05:09, J Doe wrote: > Hi John, > >> On Feb 27, 2018, at 3:25 PM, John Fawcett <j...@voipsupport.it> wrote: >> I can't think of a compelling reason either to enable VRFY or to disable >> it. Disabling it stops people abusing it, but then they can just use >> RCPT TO to get the same information in most cases. I disabled it since I >> can't see any use for it. >> >> John > That is a valid point - I believe the VRFY RFC observed the same thing: that > RCPT TO can be used in a similar fashion. > > Performing an EHLO to both Gmail and Hotmail/Outlook shows that they both > disable it, which I would expect, but do they implement a policy of a certain > number of invalid RCPT TO cause the connection to terminate ? > > I know there is a setting for the number of “junk commands” received in > Postfix, but that is different. Is there a method via main.cf for > restricting RCPT TO abuse ? > > Thanks, > > - J
These settings control behaviour of the smtpd server for number of errors (including RCTP TO errors) smtpd_soft_error_limit smtpd_error_sleep_time smtpd_hard_error_limit The following setting controls how many RCPT TO commands can be sent per unit of time smtpd_client_recipient_rate_limit In general you will only be able to slow down recipient verification, not prevent it. Nowadays I don't believe that address verification abuse is a significant problem. John
