Re: RBL timing

Matus UHLAR - fantomas Thu, 24 Nov 2022 07:05:24 -0800

Matus UHLAR - fantomas:

reject_unlisted_recipient, of course:


http://www.postfix.org/postconf.5.html#reject_unlisted_recipient

reject_unlisted_recipient
   Reject the request when the RCPT TO address is not listed in the list of
   valid recipients for its domain class.  See the
   smtpd_reject_unlisted_recipient parameter description for details.  This
   feature is available in Postfix 2.1 and later.


On 24.11.22 09:23, Wietse Venema wrote:

To avoid DNSBL lookups for non-existent recipients, list
reject_unlisted_recipient before reject_rbl_* and reject_rhsbl_*.


yes, this is what I've meant. The OP currently has according to
https://marc.info/?l=postfix-users&m=166927069321425&w=2


incoming_smtpd_restrictions =
        check_policy_service inet:127.0.0.1:10040,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        check_recipient_access hash:/usr/local/etc/postfix/tempfail,
        reject_unauth_destination,
        reject_unverified_recipient
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        permit

where reject_unverified_recipient has to be replaced byreject_unlisted_recipient:



incoming_smtpd_restrictions =
        check_policy_service inet:127.0.0.1:10040,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        check_recipient_access hash:/usr/local/etc/postfix/tempfail,
        reject_unauth_destination,
        reject_unlisted_recipient,
        ^^^^^^^^^^^^^^^^^^^^^^^^^
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        permit



Doug:

There's implicit reject_unlisted_recipient at the end of rules whensmtpd_reject_unlisted_recipient=on (default).


However when this one hits, DNS queries were already sent.

the reject_unlisted_recipient makes sense when delivering mail to another serversor processes/sockets where list of recipients can't be easily found out.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Re: RBL timing

Reply via email to