On 1/19/2015 2:12 PM, Michael Fox wrote: > I have a question about the situation where postfix receives a > connection from a client trying to send to an invalid recipient > address such as u...@nohow.noway.org. > > > > Currently, postfix responds with: > > > > 450 4.1.2 <u...@nohow.noway.org>: Recipient address rejected: Domain > not found
This is really a different question... In your example above, the recipient DOMAIN does not exist. http://www.postfix.org/postconf.5.html#reject_unknown_recipient_domain > > > > What seems reasonable to me is the following: > > -- If postfix receives a response from DNS that the domain does not > exist, then reject with 550 > > -- Otherwise, delay with 450 (DNS failure, etc.) Yes, that is what postfix does. > > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient > says one can use unverified_recipient_reject_code to change the 450 > (temporary) failure to a 550 (permanent) failure “when you trust > Postfix’s judgments”. This is for when your local USER does not exist. Don't use address verification for remote domains. > > 1) Can someone explain what “when you trust Postfix’s judgments” > means, specifically? When you have postfix configured correctly such that you're not getting unexpected "not found" errors. This is an installation safety net and should be changed when things are working correctly. > > 2) What do you gurus do/recommend with > “unverified_recipient_reject_code”? set to 550 after your config is working. There are other *_reject_code settings that default to 450 for installation. Change them to 550 after postfix is working. The things to look out for are problems related to DNS and chroot. > 3) If you do recommend changing “unverified_recipient_reject_code” > to 550, is there anything to watch out for? Before changing to 550, check logs for unexpected 450 rejects. -- Noel Jones