Re: unverified_recipient_tempfail_action = permit

Charlie Orford: >I know I am starting to sound like a broken record but I really >think a sensible, clean method to run a secondary mx that is capable >of verifying recipients and accepting mail (rather than deferring) >with or without the primary being up would be a nice feature to >have. Indeed,

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: Noel Jones To: postfix-users@postfix.org Cc: Sent: Wednesday, July 6, 2011 12:25 AM Subject: Re: unverified_recipient_tempfail_action = permit >To run a policy service on all addresses, add the >check_policy_service directive to your smtpd restrictions a

Re: unverified_recipient_tempfail_action = permit

On 7/5/2011 4:00 PM, Charlie Orford wrote: > For the above to work, I assume you could give check_recipient_access a > table containing: *@ on the left and the policy script on the right (i.e. to > force it > to fire the policy script for every recipient). Not sure if that actually > works or is

Re: unverified_recipient_tempfail_action = permit

Am 05.07.2011 23:00, schrieb Charlie Orford: > > > > > - Original Message - > From: Noel Jones > To: postfix-users@postfix.org > Cc: > Sent: Tuesday, July 5, 2011 8:49 PM > Subject: Re: unverified_recipient_tempfail_action = permit > >> Mayb

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: Noel Jones To: postfix-users@postfix.org Cc: Sent: Tuesday, July 5, 2011 8:49 PM Subject: Re: unverified_recipient_tempfail_action = permit >Maybe a compromise? >How about running on the main MX >postmap -s btree:/path/verify | grep ':250 &

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: Wietse Venema To: Postfix users Cc: Sent: Tuesday, July 5, 2011 8:38 PM Subject: Re: unverified_recipient_tempfail_action = permit >Fundamentally, both approaches rely on talking to the primary MX, >and therefore both approaches would suffer from err

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: /dev/rob0 To: postfix-users@postfix.org Cc: Sent: Monday, July 4, 2011 3:06 PM Subject: Re: unverified_recipient_tempfail_action = permit >On Mon, Jul 04, 2011 at 04:48:44AM -0700, Charlie Orford wrote: >> unverified_recipient_tempfail_action = perm

Re: unverified_recipient_tempfail_action = permit

On 7/5/2011 1:38 PM, Wietse Venema wrote: > Charlie Orford: >> I will run the tests and get the output for you later tonight but >> my suspicion is that there was likely nothing wrong with the >> address cache, just that a lot of addresses had never been probed >> by the secondary mx as the primary

Re: unverified_recipient_tempfail_action = permit

Charlie Orford: > I will run the tests and get the output for you later tonight but > my suspicion is that there was likely nothing wrong with the > address cache, just that a lot of addresses had never been probed > by the secondary mx as the primary mx is up virtually 99.9% of > the time. Wietse

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: Wietse Venema To: Postfix users Sent: Tuesday, July 5, 2011 6:46 PM Subject: Re: unverified_recipient_tempfail_action = permit >>Charlie Orford: >> I will run the tests and get the output for you later tonight but my >> suspicion >>

Re: unverified_recipient_tempfail_action = permit

Charlie Orford: > I will run the tests and get the output for you later tonight but my suspicion > is that there was likely nothing wrong with the address cache, just that > a lot of addresses had never been probed by the secondary mx as the > primary mx is up virtually 99.9% of the time. In that

Re: unverified_recipient_tempfail_action = permit

- Original Message - >From: Wietse Venema >To: Postfix users >Sent: Tuesday, July 5, 2011 5:38 PM >Subject: Re: unverified_recipient_tempfail_action = permit > >>Reindl Harald: >> Am 05.07.2011 16:55, schrieb Wietse Venema: >> > If no such pro

Re: unverified_recipient_tempfail_action = permit

Reindl Harald: > Am 05.07.2011 16:55, schrieb Wietse Venema: > > If no such problem exists, then we know that cache expiration > > has nothing to do with the issue and we can move on. > > > > When the address verify cache works properly, it should become > > populated over time (by spammers, by le

Re: unverified_recipient_tempfail_action = permit

Am 05.07.2011 16:55, schrieb Wietse Venema: > If no such problem exists, then we know that cache expiration > has nothing to do with the issue and we can move on. > > When the address verify cache works properly, it should become > populated over time (by spammers, by legitimate sites that have

Re: unverified_recipient_tempfail_action = permit

Charlie Orford: >Hi Wietse, > >Although the address caching should have worked as you describe, >we found that it failed for a number of addresses despite the fact >that these addresses had received email in the last 31 days (most >had in fact received mail in the last 24 hours). To report a probl

Re: unverified_recipient_tempfail_action = permit

- Original Message - From: Charlie Orford To: Postfix users Sent: Tuesday, July 5, 2011 10:45 AM Subject: Re: unverified_recipient_tempfail_action = permit >Hi Wietse, > >Although the address caching should have worked as you describe, we >found that it failed for a number

Re: unverified_recipient_tempfail_action = permit

>From: Wietse Venema >Sent: Monday, July 4, 2011 9:10 PM >Subject: Re: unverified_recipient_tempfail_action = permit > >My previous reply suffered from damage while editing. This is an >attempt to fix it. > >The problem with recipients not in the verify cache is easily

Re: unverified_recipient_tempfail_action = permit

Jerry: > On Mon, 4 Jul 2011 04:48:44 -0700 (PDT) > Charlie Orford articulated: > > > unverified_recipient_tempfail_action = permit? would have solved this > > problem with the small penalty of a brief period of potential > > backscatter. > > The "potential backscatter" is enough to turn me off on

Re: unverified_recipient_tempfail_action = permit

Jerry: > On Mon, 4 Jul 2011 04:48:44 -0700 (PDT) > Charlie Orford articulated: > > > unverified_recipient_tempfail_action = permit? would have solved this > > problem with the small penalty of a brief period of potential > > backscatter. > > The "potential backscatter" is enough to turn me off on

Re: unverified_recipient_tempfail_action = permit

On Mon, Jul 04, 2011 at 04:48:44AM -0700, Charlie Orford wrote: > unverified_recipient_tempfail_action = permit  would have solved > this problem with the small penalty of a brief period of potential > backscatter. > > Where is the down side? That "small penalty" sure is a down side. If I would

Re: unverified_recipient_tempfail_action = permit

On Mon, 4 Jul 2011 04:48:44 -0700 (PDT) Charlie Orford articulated: > unverified_recipient_tempfail_action = permit  would have solved this > problem with the small penalty of a brief period of potential > backscatter. The "potential backscatter" is enough to turn me off on the proposal. Now, if

Re: unverified_recipient_tempfail_action = permit

--- In postfix-us...@yahoogroups.com, Wiebe Cazemier wrote: > > Hi, > > I don't really know where to post feature ideas, but this seems the only > viable option. > > I was setting up a fallback MX server with Postfix and was struggling with > preventing backscatter mail. I thought I found a

Re: unverified_recipient_tempfail_action = permit

On 2011-06-12 Wiebe Cazemier wrote: > From: "Reindl Harald" >> Am 11.06.2011 16:55, schrieb Wiebe Cazemier: >>> That's not what I meant. I meant that 99% of the time, the primary >>> server will be up and recipient address verification will work to >>> reject (spam) messages to unknown users. Thos

Re: unverified_recipient_tempfail_action = permit

Am 12.06.2011 11:50, schrieb Manuel Riel: > I also kept a list of valid recipients on my backup mx for quite some time, > but this is no elegant solution. I need to collect the list from various SLQ- > and LDAP sources every few hours. man mysql replication man mysql ssl if your configurati

Re: unverified_recipient_tempfail_action = permit

On 12 Jun 2011, at 11:23, Wiebe Cazemier wrote: > - Original Message - >> From: "Reindl Harald" >> To: postfix-users@postfix.org >> Sent: Sunday, 12 June, 2011 10:04:02 AM >> Subject: Re: unverified_recipient_tempfail_action = permit >> &g

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Reindl Harald" > To: postfix-users@postfix.org > Sent: Sunday, 12 June, 2011 10:04:02 AM > Subject: Re: unverified_recipient_tempfail_action = permit > > > > Am 12.06.2011 09:06, schrieb Wiebe Cazemier: > >> so yo

Re: unverified_recipient_tempfail_action = permit

Am 12.06.2011 09:06, schrieb Wiebe Cazemier: >> so you do not need any backup-MX because if your primary >> is not available the deferring happens on the sender >> >> this is the way smtp works > > Default defer time for most SMTP servers is only 3 to 5 days, that is not > long enough for me.

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Reindl Harald" > To: postfix-users@postfix.org > Sent: Saturday, 11 June, 2011 6:23:59 PM > Subject: Re: unverified_recipient_tempfail_action = permit > > > > Am 11.06.2011 16:55, schrieb Wiebe Cazemier: > > That

Re: unverified_recipient_tempfail_action = permit

Am 11.06.2011 16:55, schrieb Wiebe Cazemier: > That's not what I meant. I meant that 99% of the time, the primary server > will be up and recipient address verification will work to reject (spam) > messages to unknown users. Those two scenario's you mentioned are when > the primary is down or

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Wietse Venema" > To: "Wiebe Cazemier" > Cc: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 9:37:39 PM > Subject: Re: unverified_recipient_tempfail_action = permit > > Wiebe Cazemier: > > That's wh

Re: unverified_recipient_tempfail_action = permit

Wiebe Cazemier: > That's why I was asking if it wouldn't be a good idea to have > 'permit' be a viable option for unverified_recipient_tempfail_action. unverified_recipient_tempfail_action is triggered when: - The backup MX could not reach the primary MX. - The primary MX replied with a 4xx resp

Re: unverified_recipient_tempfail_action = permit

On Fri, Jun 10, 2011 at 09:35:03PM +0200, Wiebe Cazemier wrote: > > It can't. Never before seen recipients will be deferred, recipients > > validated while the primary MX was up and cached (for 7-14 days) will > > however be accepted. This is good enough, and the best you can do > > without gettin

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Victor Duchovni" > To: "Wiebe Cazemier" > Cc: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 5:04:09 PM > Subject: Re: unverified_recipient_tempfail_action = permit > > On Fri, Jun 10, 2011

Re: unverified_recipient_tempfail_action = permit

On Fri, Jun 10, 2011 at 05:00:16PM +0200, Wiebe Cazemier wrote: > - Original Message - > > From: "Wietse Venema" > > To: "Wiebe Cazemier" > > Cc: postfix-users@postfix.org > > Sent: Friday, 10 June, 2011 2:50:34 PM > > Subje

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Wietse Venema" > To: "Wiebe Cazemier" > Cc: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 2:50:34 PM > Subject: Re: unverified_recipient_tempfail_action = permit > > Wiebe Cazemier: > > - The serve

Re: unverified_recipient_tempfail_action = permit

Wiebe Cazemier: > - The server is backup MX for mail hosts that I don't know anything > about. In that case, the backup MX needs to ask the primary MX if the recipient is valid. Otherwise, you become a backscatter source. Wietse

Re: unverified_recipient_tempfail_action = permit

- Original Message - > From: "Ansgar Wiechers" > To: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 12:47:35 AM > Subject: Re: unverified_recipient_tempfail_action = permit > > On 2011-06-10 Wiebe Cazemier wrote: > > Ansgar Wiechers wrote:

Re: unverified_recipient_tempfail_action = permit

On 2011-06-10 Wiebe Cazemier wrote: > Ansgar Wiechers wrote: >> On 2011-06-09 Wiebe Cazemier wrote: >>> I was setting up a fallback MX server with Postfix and was struggling >>> with preventing backscatter mail. I thought I found a good solution, >>> but it turned out to be an illegal option. >>>

Re: unverified_recipient_tempfail_action = permit

Well, when the primar is down, all incoming messages on the fallback are deferred, because it can't do the verification. This means the result is the same as having no fallback at all. Ansgar Wiechers wrote: On 2011-06-09 Wiebe Cazemier wrote: > I was setting up a fallback MX server with Post

Re: unverified_recipient_tempfail_action = permit

On 2011-06-09 Wiebe Cazemier wrote: > I was setting up a fallback MX server with Postfix and was struggling > with preventing backscatter mail. I thought I found a good solution, > but it turned out to be an illegal option. > > Postfix has the ability to do recipient address verification. When >