Re: unverified_recipient_tempfail_action = permit
> On Mon, 4 Jul 2011 04:48:44 -0700 (PDT)The current state does not have that problem.
> Charlie Orford articulated:
> > unverified_recipient_tempfail_action = permit? would have solved this
> > problem with the small penalty of a brief period of potential
> > backscatter.
> The "potential backscatter" is enough to turn me off on the proposal.
> Now, if you could develop something that did not involve that problem
> then I think it might be given a warmer welcome by the community. Then
> again, that is my own 2? on the matter.
With unverified_recipient_tempfail_action=defer_if_permit or defer,
Postfix will pass mail for recipients that were cached less than
31 days ago. In addition, Postfix attempts to refresh recipients
after 7 days so that active recipients never expire.
If a recipient is not cached, then a tempfail_action of permit
results in backscatter which is not safe. If this is a concern,
increase the address_verify_positive_expire_time so that Postfix
never expires a recipient. If a recipient never receives email,
then it is not a problem if mail is delayed by a few hours.
- Charlie Orford:
>I know I am starting to sound like a broken record but I reallyIndeed, and that is not what "tempfail_action = permit" does. That
>think a sensible, clean method to run a secondary mx that is capable
>of verifying recipients and accepting mail (rather than deferring)
>with or without the primary being up would be a nice feature to
explicitly verifies no recipients while the primary is down. I have
seen no credible report that your verify cache contains information
about a significant fraction of the recipient population.
>A postfix feature like: address_verify_sequence =That is unnecessary complexity: just use relay_recipient_maps and
be done with it. After all, relay_recipient_maps is the only
available measure against backscatter when the primary is down,
and you already have to maintain it anyway.