From: Wietse Venema (wietseporcupine.org)
Date: Tue Jul 01 2003 - 18:45:08 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Correction: permit_mx_bckup should precede reject_unauth_destination.

        Wietse

Marcus Reid:
> Hello,
>
> I'm finding recipient address verification very useful.
> However, there's a couple of things that I would like to
> do a little differently when setting this up for a larger
> site.
>
> If the destination mail server is down, the incoming message
> will be deferred with a 450. This defeats the point of being
> a backup MX for domains. I'd like to be able to reject email
> to invalid recipients, but if the verification times out
> (after 9 seconds or whatever,) I would like to accept the mail
> into the queue instead of deferring it.

If you're backup you don't receive their mail while their primary
server is up. You get mail only when it is down.

Therefore you must exclude such domains from reject_unverified_recipient.

    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_mx_backup
        reject_unauth_destination
        reject_unverified_recipient

With appropriate permit_mx_backup_networks setting if needed.

> Also, it seems bad to cache failed verifications. If an account
> is added to the destination server, the MX will still reject
> mail with a 550. Caching positives is good, because if the
> account is deleted later all that happens is a bounce is
> generated down the line.

This is why the caching policy is configurable.

        Wietse

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]