On Tue, 2009-08-18 at 20:02 +0100, Ned Slider wrote:
> LuKreme wrote:
> > On 17-Aug-2009, at 04:24, Ned Slider wrote:
> >> Question - in Postfix do "user unknown" rejections still incur a dns
> >> RBL lookup, or does the rejection occur before reject_rbl_client?
> >
> >
> > HELO/EHLO rejections do not reach RBL, and neither do unknown, as long
> > as you specify the right order in the smtpd_recipient_restrictions
> > settings. These should be 'cheapest to most expensive' which means RBLs
> > should be last.
> >
> > The order IS important on the restrictions.
> >
>
> Indeed, but rejecting unknown local recipients isn't a function of
> smtpd_*_restrictions. From my observations, it would appear that
> rejecting unknown local recipients occurs after smtpd_*_restrictions,
> and thus after any RBL lookups.
>
> Checking my logs appears to confirm this, where I see spamhaus
> rejections for mail with an "unknown" local envelope_to address.
>
> For example:
>
> Aug 18 14:55:32 Quad postfix/smtpd[12739]: NOQUEUE: reject: RCPT from
> unknown[77.31.23.91]: 554 5.7.1 Service unavailable; Client host
> [77.31.23.91] blocked using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=77.31.23.91;
> from=<lafsxo...@icwconsultancy.nl> to=<tej...@example.com> proto=ESMTP
> helo=<77.31.23.91.dynamic.saudi.net.sa>
>
> where tej875 certainly isn't a known or valid address at that domain.
>
>
Depends *where* you put the restriction. If it's sitting in
smtpd_recipient_restrictions, then it will resolve the recipient first
(so any recipient level maps can bite). If you don't require this
behaviour the rbl restriction could be placed in a different restriction
section, for example: smtpd_client_restrictions.
