OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: verify parameters

egoitzinfobiok.com
Date: Sun May 11 2008 - 06:03:11 CDT

I'm running postfix 2.3.8, debian etch postfix package

> Hi Wietse!!!!
>
> first of all thank you for answering and having this patience. Have been
> again reading slowly you're mails, the doc and doing some checks before
> writting...
>
> but :
>
>> egoitzinfobiok.com:
>>> Hi Wietse!!!
>>>
>>> First of all very thanked by you're answers, really. thank you very
>>> much.
>>> Have been reading you're mail and re-reading this parameters in
>>> postfix.org doc and have reached to two conclusions :
>>>
>>> 1.- If cache records (each recipient checked and set as exists or not)
>>> expire anyway in time T + expire... then why do we use refresh too? I
>>> say
>>
>> The concepts of caching, expiration and refresh were invented before
>> most people on the Internet were born. For example, they are the
>> basis for the DNS protocol.
>
> I know but there I can understand concepts because when you're a slave
> zone if unless one refresh hasn't happened in the period of time of the
> expiry time value the zone is disconnected... and refresh is used to
> update slave zones... or when you're caching refresh time means how many
> time you could pass to clients the last obtained value from the
> authoritive server without updating it...
>
>
> But here for example in positive caching can't understand why is used for
> a refresh parameter because if the probe fails the status is not
> updated... so what is used for the refresh? because If I read well I see
> in previous mails that in postfix verify cache expiry time just arrives
> after T + expiry time, nothing to do with refreshes (as in dns)... so why
> are we refreshing positive cached values? I could understand the refresh
> in negative caching but in positive? why is done in positive caching a
> refresh if status of the recipient is not updated if probe fails and
> expiry time is fixed since the value was entered in the verify table?
>
> And have done some checks with this values :
>
> address_verify_map = btree:/etc/postfix/tablaverify
> address_verify_positive_refresh_time = 3m
> address_verify_positive_expire_time = 5m
> address_verify_negative_cache = no
>
> (the values are very low I know but I'm just testing it...)
>
> I send an email to a non existing address (aa.es, of course supposing
> a.es is hosted domain of my destination server) it's rejected, ok till
> here. Now I create aa.es, nice because the mail is automatically accepted
> so negative_cache is disable as we said... I do an ls -l
> /etc/postfix/tablaverify.db and see it's last modification time is 12:08
> now I remove aa.es (are 12:09 more or less) from mailbox server (the
> destination I mean) and continue sending mails to aa.es from the postfix
> scanning machine... the caching file is updated at 12:11.
>
> postmap -s btree:/etc/postfix/tablaverify outputs :
>
> 1a.es 0:0:1210500473:250 Accepted
> 2a.es 0:0:1210500476:250 Accepted
> aa.es 0:1210500663:1210500479:250 Accepted
> 3a.es 0:0:1210500482:250 Accepted
>
> now continue sending mails to this non existing recipient (and see how
> bounces arrive because it's accepted but doesn't exist aa.es...)...
>
> the file continues without being updated (optimistic caching as doc sais,
> so till here well) but expiration time doesn't arrive because time is
> 12:26 and can sending mails to aa.es (I send one mail per minute more or
> less since I removed the recipient to see how bounces arrives) without
> being rejected at smtp time... all of them are bounced... if expiry time
> is 5m shouldn't it be expired from the verify btree cache table at 12:13
> (because the value was entered at 12:08 as we said and expiry is 5m)?
>
> now are 12:29 I tried sending again a mail to aa.es and it's rejected
> nice... but I removed it more or less at 12:09 have passed more or less 20
> minutes... is it a minimum period of time for this values? because
> positive expire is set to 5m and have passed more or less 20 (because
> value was entered at 12:08 in database too)...
>
>
>>
>> In the case of Postfix,
>>
>> - Refresh means you don't have to wait until the probe completes.
>>
>> - Expire means you know nothing until the probe completes.
>>
>
>
>> If you want to learn how cache algorithms work, The Postfix list
>> is not the right forum.
>
> No, no Wietse I just want to make reject_unverfied_recipient to work for
> avoid spamming the world when spammers send mail to one of my domains and
> the user doesn't exist. There are various ISP in wich they accept all mail
> and later bounce it... I don't like this solution... that's all really, I
> don't want you to teach me something that I should learn by myself or
> something like that, really mates. I'm just worried about spam, and can't
> get a list of valid recipients from my customers, it's totally impossible
> I tried it...
>
>
>
> Thanks a lot very very really.
>>
>
>
>
>