On Mon, 30 Jan 2012 21:50:52 +0000, Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:

> On Mon, Jan 30, 2012 at 09:26:42PM +0000, Mark Alan wrote:
> 
> > > > Is there any other way to make the postscreen/postfix
> > > > combination temporarily defer all incoming emails with '450
> > > > 4.3.2 Service currently unavailable' (in order to give us some
> > > > time to migrate the postfix server to some other IP) ?
> 
> Just turn off the SMTP listener. This is functionally identical to a
> 4.X.X reject and saves resources on both client and server.

Thank you Viktor,

In this particular setup I really need to have the server answering:
"Don't worry, I am alive but right now I am not able to accept your
email", i.e., 450 Service currently unavailable.

> > > The documentation for the "postscreen_access_list" parameter.
> > 
> > Would the following be an acceptable way to do it?
> >   postconf -e 'postscreen_access_list = reject'
> >   postconf -e 'soft_bounce = yes'
> 
> Only if this is documented. The soft_bounce parameter is listed on
> the postscreen(8) manpage, this is perhaps a sufficient promise to
> match user expectations and so I would expect it to work.

Sadly it does not.
Although postscreen marks it as BLACKLISTED, then tlsproxy kicks in and
lets the email pass:

Jan 30 23:12:36 mx postfix/postscreen[11975]: CONNECT from [74.125.82.181]:61868
Jan 30 23:12:36 mx postfix/postscreen[11975]: BLACKLISTED [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: CONNECT from [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: setting up TLS connection from [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: Anonymous TLS connection established from [74.125.82.181]:61868: TLSv1 with cipher RC4-SHA (128/128 bits)

> This said, it is far simpler to turn off SMTP service.
>       # postconf -e 'master_service_disable = inet'
>       # postfix reload

That is true. I too prefer to keep setups simpler (and near to the
default configuration).
But in this particular setup it does not help in making my server send,
to every connection attempt, a 450 Service currently unavailable.

Again, thank you Viktor for your time.

M.
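
The log sequence quoted in the message above can be checked for mechanically. This is an added example, not part of the original message or of Postfix: it groups postscreen and tlsproxy syslog lines by client endpoint and reports endpoints where tlsproxy logged an established TLS session after a BLACKLISTED line. The sample input is constructed from the quoted lines with the mail wraps rejoined, the function names are hypothetical, and the result describes only the log sequence, not whether a message was accepted.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the message, mail-client wraps rejoined.
SAMPLE_LOG = """\
Jan 30 23:12:36 mx postfix/postscreen[11975]: CONNECT from [74.125.82.181]:61868
Jan 30 23:12:36 mx postfix/postscreen[11975]: BLACKLISTED [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: CONNECT from [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: setting up TLS connection from [74.125.82.181]:61868
Jan 30 23:12:42 mx postfix/tlsproxy[11978]: Anonymous TLS connection established from [74.125.82.181]:61868: TLSv1 with cipher RC4-SHA (128/128 bits)
"""

# Syslog prefix: timestamp, host, postfix/<daemon>[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/(?P<daemon>\w+)\[\d+\]:\s(?P<msg>.*)$")
# Client endpoint as postscreen and tlsproxy log it: [address]:port
ENDPOINT_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]:(?P<port>\d+)")

def sessions(log_text):
    """Group events by client endpoint (ip, port), preserving log order."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a postfix syslog line
        ep = ENDPOINT_RE.search(m["msg"])
        if ep:
            grouped[(ep["ip"], int(ep["port"]))].append((m["ts"], m["daemon"], m["msg"]))
    return grouped

def tls_after_blacklist(log_text):
    """Return (endpoint, timestamp) where TLS was established after BLACKLISTED."""
    hits = []
    for endpoint, events in sessions(log_text).items():
        blacklisted = False
        for ts, daemon, msg in events:
            if daemon == "postscreen" and msg.startswith("BLACKLISTED"):
                blacklisted = True
            elif blacklisted and daemon == "tlsproxy" and "TLS connection established" in msg:
                hits.append((endpoint, ts))
                break  # one report per endpoint is enough
    return hits

if __name__ == "__main__":
    for (ip, port), ts in tls_after_blacklist(SAMPLE_LOG):
        print(f"{ts} [{ip}]:{port} BLACKLISTED by postscreen, TLS session set up afterwards")
```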
