On 11/16/2018 2:41 PM, Fazzina, Angelo wrote: > Hi again, > Even though my configuration does what I need it to do, it seems to have > broken something else that needs to still work. > Did I forget something or just did this wrong ? > Will this setting allow whitelisting something to help the issue > "smtpd_sender_restrictions" > I maybe just confusing the processing Postfix does AFA envelope TO and FROM > and header TO and FROM...?
The To: From: headers have no relation to postfix delivery. All delivery is based on envelope addresses. > > Here is the test showing what is broken: >... > 250 2.1.0 Ok > rcpt to:uconn_employee...@listserv.uconn.edu > 450 4.1.1 <uconn_employee...@listserv.uconn.edu>: Recipient address rejected: > unverified address: Address verification in progress >... Nothing wrong here. The address verification is in progress and the client is free to retry delivery. Presumably the verification completed a few seconds later. This will be noted in the log. If you wish to exempt some recipient from verification, add a check_recipient_access map before the reject_unverified_recipient > Here is my current config in main.cf : > smtpd_recipient_restrictions = reject_unknown_recipient_domain, > reject_unverified_recipient, permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination Typically, reject_unverified_recipient would be after reject_unauth_destination to prevent verifying random internet recipients, or in a check_recipient_access map to limit the scope of the checks. Something like: dontverif...@example.com DUNNO listserv.example.com DUNNO example.com reject_unverified_recipient > relay_recipient_maps = hash:/etc/postfix/files/sender_relay_domains, > mysql:/etc/postfix/files/mysql_pn.cf > [root@mta5 files]# more sender_relay_domains > @listserv.uconn.edu OK relay_recipient_maps does not exempt addresses from the reject_unverified_recipient check. See the above example for how to exempt addresses from verification. > > Here is [most of] the headers of a real email that gets delivered to my > first.l...@uconn.edu address even though it does not appear anywhere in the > headers : Headers are irrelevant for this discussion. Postfix logs will show what is happening. -- Noel Jones
