Tobi: > I wonder if the following idea is somehow "do-able" in postfix. We have > a fallback postfix instance which gets all mails that our scanners could > not send to our customers target server. Now the fallback tries to > submit those msg to our customers. Sometimes our customers do not know > how to manage dns and delete an important record (like the a-rec for the > target server). We do not manage their zones, that's done by themselves. > > Now we thought that it would be very nice if we could "tell" our > fallback instance that in case of NXDomain in DNS lookup of a target > server to return a DEFER (4xx) instead of a REJECT (5xx). > I found soft_bounce parameter in the docs but that seems too wide, as we > would only soft bounce in case of NXDomain results of target servers and > not for any other reason. Is it possible to use smtp_dns_reply_filter to > filter for NXDomain results and return a DEFER action?
This would require a filter for DNS reply STATUS codes. This is different from smtp_dns_reply_filter which currently can only change the content of resource records (i.e. when the DNS query succeeds). Unbound has a filtering feature that is more powerful than Postfix's (no surprise, since Unbound is specialized for DNS). Maybe unbound can handle your case. https://medium.com/nlnetlabs/client-based-filtering-in-unbound-d7da3f1ef639 https://github.com/ohitz/unbound-domainfilter/blob/master/dns_filter.py https://github.com/cbuijs/unbound-dns-filter Wietse
