From: Clunk Werclick <mailbacku...@googlemail.com>
Reply-to: mailbacku...@googlemail.com
Cc: postfix-users@postfix.org
Subject: Re: relay_domains vs virtual_mailbox_domains
Date: Tue, 08 Sep 2009 09:28:36 +0100
Mailer: Evolution 2.24.3



On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote:
> On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:
> 
> > 
> > You should not accept mail for invalid recipients.  Use existing
> > functionality to build a cache/database of valid recipients "on the
> > fly".
> > See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
> 
> We have no way of knowing if the recipient address is valid or not as
> we are only acting as a relay for the final destination.
> We cannot build a database of recipients on the fly as that
> information is held on the various servers of our clients, to which we
> do not have access.
> 
Please forgive the bluntness - and drifting off a bit as I've not seen
all of this; if you are acting as a relay and not able to verify the
final recipients exist - you will quickly run into serious problems and
side effects.

Postfix provides a probing/discovery mechanism that spares you the need
to build maps - it's not ideal when compared to the sheer speed of SQL,
MAPS or LDAP, but it exists - so there is no excuse to accept mail for
invalid recipients with Postfix. The link given tells you how this
'probing' works.

Failing to verify final recipients means you will probably accept mail
that is sequentially refused, leaving you holding the baby and having to
bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take
ownership and responsibility). With invalid recipients, the sender is
usually forged and as your relay has nothing left to do but bounce the
message, your IP(s) are going to become really unpopular *fast*, and
probably have it blacklisted in no time at all.

This is, of course, not only limited to invalid recipients. Accepting
any kind of mail for a destination that cannot be delivered gives the
same problem. Perhaps the recipient is valid, but the destination
refused the message because of the content/spam. You end up holding the
baby again.

If you really need the ability to catch all without bounce then the
final destination needs to absolutely white list everything you throw
at it - regardless of recipient or content. That is most certainly *not*
ideal without some serious UCE measures on the relay itself.

In commercial solutions I have seen, RELAYS have held the message and
not given a 250 until the final destination has taken it -or- (less
ideal) taken the message and put it into an 'outbound' Postfixen where
it is retried for 48-72 hours. This gives the Relay admin time to see it
and liaise with the final destination host admin. This would be a real
headache if you wind up with thousands of messages in the queue for
invalid recipients, bringing us full circle to the topic once more.

Good luck with what it is you are doing.


-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 
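
The recipient probing discussed in the message above, shown as a relay configuration. This is an added example, not part of the original post or of the Postfix documentation; example.com and the cache path are assumed placeholders.

```cfg
# /etc/postfix/main.cf
# Added example: example.com and the cache path below are assumptions.

# Domains this host relays to the clients' own mail servers.
relay_domains = example.com

# Weak form: with no recipient check, every RCPT TO in a relay domain
# is answered with 250, and a later refusal by the destination becomes
# a bounce that this relay has to send to a probably forged sender.
# smtpd_recipient_restrictions =
#     permit_mynetworks
#     reject_unauth_destination

# Corrected form: before answering RCPT TO, Postfix probes the next hop
# for that recipient and rejects the address if the probe is refused.
# reject_unauth_destination stays first so foreign domains are never probed.
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unverified_recipient

# Keep probe results on disk so they survive a restart and known
# recipients are answered from the cache instead of a new probe.
address_verify_map = btree:/var/lib/postfix/verify

# The default reply is a temporary 450. Switch to a permanent 550 only
# once probes are confirmed to give correct answers for every client.
unverified_recipient_reject_code = 550
```

Probing only helps when each destination server rejects unknown recipients at RCPT TO; a destination that accepts every address and bounces later makes every probe succeed.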


