Jeff:
> On Tue, Aug 19, 2008 at 2:16 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
> > Jeff:
> >> I want the back-end to tell the front-end gateway 550 for
> >> [EMAIL PROTECTED], but I want it to tell my other internal MTAs OK,
> >> whilst not breaking regular recipient verification.
> >
> > Reject [EMAIL PROTECTED] on the FRONT_END host.
> >
> > smtpd_recipient_restrictions =
> > check_recipient_access hash:/etc/postfix/access
> > ...stuff...
> > reject_unauth_destination
> > ...stuff...
> > reject_unverified_recipient
> > ...stuff...
> >
> > /etc/postfix/access
> > [EMAIL PROTECTED] reject
> >
>
> Except that the front end is a mail gateway APPLIANCE.
Surely it has a blacklist option, if only to stop a sudden flood
of mail on some innocent person's mailbox.
Doing client-dependent recipient blacklisting on an inside host
would involve a dedicated smtpd service on a dedicated IP address
or port in master.cf for the front-end host, plus some incredibly
ugly stuff im main.cf and master.cf that gives me a headache, and
that your colleagues would hate you forever for if they have to
solve a problem with it.
Wietse
> It is
> linux/postfix based, but has many proprietary additions and it is not
> intended to be customized outside what is made available in it's web
> interface. I have asked the vendor for a new feature to do SMTP level
> rejects based on a blacklist, but they have not commented on it and
> currently offer only the aforementioned relay to back-end SMTP
> recipient verification or bounce notifications based on a front-end
> blacklist.We currently use the bounce option, but it is generating
> back-scatter to our postmaster address. My other option on the gateway
> is to just be a black-hole for these private addresses (accept, but
> neither deliver nor notify) but I see that as an ill-behaved way to
> run a mail service.
>
> Yes, the appliance has some imperfections, but generally does just
> what we need. Thus I am trying to solve this problem with back-end
> recipient verification.
>
> --
> Jeff
>
>
