Loading ...
Sorry, an error occurred while loading the content.

Re: unverified_recipient_tempfail_action = permit

Expand Messages
  • /dev/rob0
    ... That small penalty sure is a down side. If I would provide backup service for someone else, I would absolutely insist that the primary must never reject
    Message 1 of 41 , Jul 4, 2011
    • 0 Attachment
      On Mon, Jul 04, 2011 at 04:48:44AM -0700, Charlie Orford wrote:
      > unverified_recipient_tempfail_action = permitĀ  would have solved
      > this problem with the small penalty of a brief period of potential
      > backscatter.
      >
      > Where is the down side?

      That "small penalty" sure is a down side. If I would provide backup
      service for someone else, I would absolutely insist that the primary
      must never reject my mail for that domain. Let THEM be the spammer,
      not me.

      If you're intent on this, you can implement it yourself with simple
      scripts. Best would be a small policy service, but a shell script
      running from crontab would suffice.

      The cron job would check to see if the primary MX is reachable, and
      exit if so. A check_recipient_access lookup for the backup domain
      would return "defer" or "defer_if_permit". If the primary MX is not
      available, the access map would be changed to return "dunno".

      The cron job continues checking availability of the primary MX, and
      changes the access map back, and optionally runs "postfix flush",
      when the primary MX comes back.

      A policy service could do the same thing in real time, without the
      possible delay of the cron job interval. It could also flag clients
      as likely spammers when they attempt to deliver to the backup domain
      while the primary MX is up.

      References:
      http://www.postfix.org/SMTPD_ACCESS_README.html
      http://www.postfix.org/access.5.html
      http://www.postfix.org/SMTPD_POLICY_README.html
      --
      Offlist mail to this address is discarded unless
      "/dev/rob0" or "not-spam" is in Subject: header
    • Wietse Venema
      ... Indeed, and that is not what tempfail_action = permit does. That explicitly verifies no recipients while the primary is down. I have seen no credible
      Message 41 of 41 , Jul 6, 2011
      • 0 Attachment
        Charlie Orford:
        >I know I am starting to sound like a broken record but I really
        >think a sensible, clean method to run a secondary mx that is capable
        >of verifying recipients and accepting mail (rather than deferring)
        >with or without the primary being up would be a nice feature to
        >have.

        Indeed, and that is not what "tempfail_action = permit" does. That
        explicitly verifies no recipients while the primary is down. I have
        seen no credible report that your verify cache contains information
        about a significant fraction of the recipient population.

        >A postfix feature like: address_verify_sequence =
        >address_verification_polling, relay_recipient_maps

        That is unnecessary complexity: just use relay_recipient_maps and
        be done with it. After all, relay_recipient_maps is the only
        available measure against backscatter when the primary is down,
        and you already have to maintain it anyway.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.