Mihaly Zachar via Postfix-users:
> On Sun, 7 May 2023 at 03:12, Mihaly Zachar <zmih...@gmail.com> wrote:
>
> > On Sun, 7 May 2023 at 03:05, Wietse Venema via Postfix-users <
> > postfix-users@postfix.org> wrote:
> >
> >>
> >> Look at output from:
> >>
> >> (postconf -n; postconf -P) | grep soft_bounce
> >>
> >
> > this gives an empty set...
> >
> >
> I think I have figured it out. I have the "MX Policy test" set up (you can
> see it in the configs) based on the POSTSCREEN_README.
> As far as I can see, the IPs which connect to the secondary MX will get 450
> from Postscreen.
>
> The only question is why it sends back 450 rather than 550 ?
It is a lack of information problem. Mathematically-oriented people
will like that.
How would postscreen distinghuish between:
1) A legitimate client tries to connect to the primary MX first, and
that fails because of some temporary network outage/overload/whatever.
Then the client tries to connect to the secondary MX.
2) A non-legitimate client connects only to a non-primary MX.
The only information postscreen has is that there was a connection
to the secondary MX without an earlier connection to the primary
MX. Postscreen does not know that the client did not try to
connect to the primary.
More formally, lack of evidence of a primry MX connection is not
evidence of a lack of an attempt to make a primary MX connection.
It postscreen replies with 550, it could reject legitimate email.
After multiple such connnections, postscreen could theoretically
decide that the client is unlikely to ever connect to the primary
MX, but by then the client will likely already have given up, and
postscreen has done no harm.
Postscreen does not have such a counting system.
It's also possible that a legitimate mail system always connects
to a non-primary MX due to an imlementation bug. You can monitor
your logs logs and make an exception for such mailers before they
give up.
> Where can I change it ?
That would be a mistake. You could reject legitimate email.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
