On 15.02.24 15:27, Simon Hoffmann via Postfix-users wrote:
I have a dedicated postfix machine that I use as a smarthost for all my outgoing
email from my internal servers. The smarthost even has only ports 465 and 587
enabled/opened.
Recently we had the case that an internal used composer an email to an external
recipient and had a typo in the domain.
The internal server currently does no checks but forwards all email for external
recipients to the smarthost.
The smarthost then replied to the internal mailserver with
Out: 450 4.1.2 <user@domain_with_typo.de>: Recipient address rejected: Domain
not found
Since this was a 4xx tempfail reply, the internal mailserver tried to send the
email
over and over and only after 4 hours the internal mailserver send a "mail
delivery
delayed" email to the original sender. They then could compose the email again
with
the correct recipient address, but since they have no ssh root access to the
server
they could not remove the email with typo from the internal server's queue and
thus
they got even more "mail delivery delayed" notifications periodically until the
message expired from the queue.
There is two things that bother me:
- it took 4h for the sender to get a notification that the domain was not found
this should be configuable by tuning delay_warning_time
- after they "corrected" it by sending a second email with the correct address,
they
still got mail delivery delayed notification which leads to confusion if they
miss
the fact that the mail with the type was delayed, and instead think their new
mail
is delayed again because something is wrong
Your user sent two mails, one to wrong address and got a deferral then a
timeout.
It's hard to solve this technically, if user can't look what address failed
so tldr: can I change unknown_address_reject_code to a perm fail on a server
thats only purpose is
to send outgoing mails, without any unwanted effects resulting from this change?
(that means the behaviour of postfix on this machine would exactly be the same
with
or without the change with the only difference that emails with typos would be
rejected with a permfail)
I have done this on my servers. I believe it's better when senders know
immediately that the address is not deliverable.
Note that you need to do this on your smarthost, not on the internal server.
Also, you can configure domain verification on that internal servers and I
recommend doing so.
You can hypotetically override the code from your smarthost on your internal
mail server by using smtp_delivery_status_filter but you must be damn
careful about that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
