Dnia 18.02.2022 o godz. 11:17:13 Wietse Venema pisze:
Starting to wonder if reject_unverified_recipient should be given
more publicity.
I needed to reread http://www.postfix.org/ADDRESS_VERIFICATION_README.html
but yes, looks like it needs exactly this publicity.
Jaroslaw Rafa:
Definitely should. I always thought of reject_unverified_recipient only in
context of a front-end server relaying mail to the final server, which is a
pretty rare case for me (I usually work with single-server setups). I did
not think that it can be used in such context as rewriting by canonical
maps.
the same by me.
Thanks for pointing out, Wietse.
On 2/18/22 12:20, Wietse Venema wrote:
Upon closer reading, address verification has limits some of
which are intentional.
Address verification will validate addresses that result from
canonical mappings and of 1-to-1 virtual aliases.
This should be enough for most cases.
Address verification will not validate addresses that result from
the expansion of 1-to-many virtual aliases. It will just report
that the address before alias expansion is valid.
It does not validate 1-to-many expansions because that would result
in an explosive behavior, because the result would ambiguous if
some addresses in the expansion result are valid and some not, and
because it could be undesirable to reveal what 1-to-many aliases
expand into.
While mapping to multiple recipients could fail if none of them exists, this
is more an error of admins/configuration and one should not expect postfix
to do everything for them.
(not that I didn't think of something like this for different case, but I'm
not a programmer so it would take much time for me)
Address verification will also not validate addresses that result
from local aliasing/forwarding with alias_maps or ~/.forward files,
because I was too lazy to write code that determines if these are
1-to-1 or 1-to-many, but also because it might reveal too much
information. It will just report that the address before alias
expansion or forwarding is valid.
On 20.02.22 01:43, Demi Marie Obenour wrote:
Is reject_unverified_recipient the correct approach for a standard
Postfix/Dovecot setup?
it should not be needed unless your postfix instance does not know whether
final recipients exist. Imho it's always better to make it know but
reject_unverified_recipient looks like good workaround.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
