From: Clunk Werclick <mailbacku...@googlemail.com>
Reply-to: mailbacku...@googlemail.com
Cc: postfix-users@postfix.org
Subject: Re: relay_domains vs virtual_mailbox_domains
Date: Tue, 08 Sep 2009 09:28:36 +0100
Mailer: Evolution 2.24.3

On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote:
> On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:
> >
> > You should not accept mail for invalid recipients. Use existing
> > functionality to build a cache/database of valid recipients "on the fly".
> > See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
> We have no way of knowing if the recipient address is valid or not as
> we are only acting as a relay for the final destination.
> We cannot build a database of recipients on the fly as that
> information is held on the various servers of our clients, to which we
> do not have access.
>

Please forgive the bluntness - and drifting off a bit as I've not seen all of this;

If you are acting as a relay and not able to verify the final recipients exist - you will quickly run into serious problems and side effects.

Postfix provides a probing/discovery mechanism that spares you the need to build maps - it's not ideal when compared to the sheer speed of SQL, MAPS or LDAP, but it exists - so there is no excuse to accept mail for invalid recipients with Postfix. The link given tells you how this 'probing' works.

Failing to verify final recipients means you will probably accept mail that is sequentially refused, leaving you holding the baby and having to bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take ownership and responsibility). With invalid recipients, the sender is usually forged and as your relay has nothing left to do but bounce the message, your IP(s) are going to become really unpopular *fast*, and probably have it blacklisted in no time at all.

This is, of course, not only limited to invalid recipients. Accepting any kind of mail for a destination that cannot be delivered gives the same problem. Perhaps the recipient is valid, but the destination refused the message because of the content/spam. You end up holding the baby again.

If you really need the ability to catch all without bounce then the final destination needs to absolutely white list everything you throw at it - regardless of recipient or content. That is most certainly *not* ideal without some serious UCE measures on the relay itself.

In commercial solutions I have seen, RELAYS have held the message and not given a 250 until the final destination has taken it -or- (less ideal) taken the message and put it into an 'outbound' Postfixen where it is retried for 48-72 hours. This gives the Relay admin time to see it and liaise with the final destination host admin. This would be a real headache if you wind up with thousands of messages in the queue for invalid recipients, bringing us full circle to the topic once more.

Good luck with what it is you are doing.

--
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
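
The recipient probing discussed in this message, sketched as a main.cf fragment for a relay that has no recipient list of its own. This is an added example, not configuration posted in the thread; the domain names, the transport map path and the cache path are placeholders.

```cfg
# /etc/postfix/main.cf  (added example; names and paths are placeholders)

# Domains relayed for clients. The mailboxes live on the clients' own
# servers, so no relay_recipient_maps table can be built here.
relay_domains = client-a.example, client-b.example

# Next hop per domain, e.g. a line such as
#   client-a.example   smtp:[mx.client-a.example]
transport_maps = hash:/etc/postfix/transport

# Weak form: without the last restriction, every RCPT TO for a relay
# domain gets a 250 and undeliverable mail has to be bounced later,
# usually to a forged sender.
#
# Hardened form: reject_unverified_recipient makes Postfix send a probe
# to the next hop and answer RCPT TO based on the result.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Keep probe results across restarts so each address is probed rarely.
address_verify_map = btree:/var/lib/postfix/verify

# The default reply for a failed probe is 450 (try again later).
# Switch to 550 once the probes are known to give reliable answers.
unverified_recipient_reject_code = 550

# How long cached results are trusted (these are the Postfix defaults).
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d
```

Probing only helps when the final destination rejects unknown recipients at RCPT TO; a destination that accepts everything and bounces later makes every probe look valid.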