Re: unverified_recipient_tempfail_action = permit
- On Mon, Jul 04, 2011 at 04:48:44AM -0700, Charlie Orford wrote:
> unverified_recipient_tempfail_action = permit would have solvedThat "small penalty" sure is a down side. If I would provide backup
> this problem with the small penalty of a brief period of potential
> Where is the down side?
service for someone else, I would absolutely insist that the primary
must never reject my mail for that domain. Let THEM be the spammer,
If you're intent on this, you can implement it yourself with simple
scripts. Best would be a small policy service, but a shell script
running from crontab would suffice.
The cron job would check to see if the primary MX is reachable, and
exit if so. A check_recipient_access lookup for the backup domain
would return "defer" or "defer_if_permit". If the primary MX is not
available, the access map would be changed to return "dunno".
The cron job continues checking availability of the primary MX, and
changes the access map back, and optionally runs "postfix flush",
when the primary MX comes back.
A policy service could do the same thing in real time, without the
possible delay of the cron job interval. It could also flag clients
as likely spammers when they attempt to deliver to the backup domain
while the primary MX is up.
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
- Charlie Orford:
>I know I am starting to sound like a broken record but I reallyIndeed, and that is not what "tempfail_action = permit" does. That
>think a sensible, clean method to run a secondary mx that is capable
>of verifying recipients and accepting mail (rather than deferring)
>with or without the primary being up would be a nice feature to
explicitly verifies no recipients while the primary is down. I have
seen no credible report that your verify cache contains information
about a significant fraction of the recipient population.
>A postfix feature like: address_verify_sequence =That is unnecessary complexity: just use relay_recipient_maps and
be done with it. After all, relay_recipient_maps is the only
available measure against backscatter when the primary is down,
and you already have to maintain it anyway.