On 4/28/2013 7:33 PM, Viktor Dukhovni wrote: > On Sun, Apr 28, 2013 at 06:52:09PM -0500, Stan Hoeppner wrote: > >>>> defer_unauth_destination etc.. is the default safety net for >>>> sites that haven't set smtpd_relay_restrictions >>> >>> ah, i remembered correct it was set by "postfix upgrade-configuration" >>> at the bottom of "main.cf", maybe the "safety net" should be the >>> same as "postconf -d" which is "reject_unauth_destination"? >> >> What practical difference do you see between these two reject codes? >> The client in this transaction is almost certainly not an MTA. It's >> most likely rat/malware, which typically either: > > There is an important difference, which is why the defer variant > is used as a safety net, and the use-case is precisely when the > client is an MTA.
Apparently I didn't make my point clear, which is that a hard fail isn't necessary here, and that a temp fail is preferable to cover all client types. I think Reindl was advocating a hard fail. I was countering his argument. And again, he could have prevented this discussion entirely with a simple, safe, effective, client restriction, that up until now I assumed *everyone* uses. -- Stan
