Many thanks for the concise explanation, Bill!

On 2016-10-25 13:05, Bill Cole wrote:
On 25 Oct 2016, at 15:15, mro...@insiberia.net wrote:

On 2016-10-25 07:00, Bill Cole wrote:
On 25 Oct 2016, at 2:04, mro...@insiberia.net wrote:

Hi,

Reading the postconf explanation of reject_unknown_recipient_domain and reject_unknown_sender_domain, I'm having trouble understanding where these find their use.

For incoming mail: The first test criteria for both is that Postfix not be the final destination for the recipient/sender domain, so when Postfix is not set up with a catchall and rejects unknown users, am I correct to think there is no use for these here?

Not exactly. It isn't very helpful to group these 2 restrictions
together despite their similar names, because they act on completely
independent attributes of a SMTP transaction.

Fair enough, and you've nicely explained the usefulness (albeit limited in this day and age) of reject_unknown_sender_domain.

However, can you speak to reject_unknown_recipient_domain? Trying to re-think but I can't find a scenario where it would be redundant. ??

If a user provides a "To:" address to their mail client with an
unresolvable domain, Postfix will reject it immediately, when the user
attempts to send the message if reject_unknown_recipient_domain is in
smtp_recipient_restrictions (or any other smtpd_*_restrictions list,
if smtpd_delay_reject is enabled.)

If reject_unknown_recipient_domain is not in any restriction list,
Postfix will accept the message provided the user has done whatever
else is required to relay, such as successful authentication. It will
defer the message for later retry, and retry repeatedly until the
message has been queued for maximal_queue_lifetime (5 days, by
default.) If the domain becomes resolvable before Postfix gives up,
then the message will get delivered.

Because unresolvable domains in recipient addresses are usually due to
user error (i.e. incorrect entry of an address) it is usually better
to have the attempt to send such a message fail immediately instead of
taking 5 days to fail. That also allows the failure to be handled by
the user's mail client rather than having Postfix send the user a DSN
message documenting the failure in precise but not entirely
user-friendly detail.
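
A `main.cf` fragment for the behaviour described above, added here as an example and not taken from the thread. The ordering of the list and the choice of a 550 reply code are assumptions about a typical submission setup; the parameter names are standard Postfix ones.

```ini
# main.cf (constructed example; adapt to your own restriction lists)

# Restrictions are evaluated left to right and the first one that returns
# a decision wins. reject_unknown_recipient_domain is placed before the
# permit_* entries so that authenticated and local-network clients are
# checked as well, and a mistyped recipient domain fails at RCPT TO.
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Reply code used when the recipient domain does not resolve.
# The default is 450 (a temporary error); 550 makes it a permanent
# failure that the mail client reports to the user straight away.
# A DNS lookup that fails for a temporary reason still gets 450.
unknown_address_reject_code = 550

# Default, shown for reference: without the restriction above, a message
# to an unresolvable domain is accepted, deferred and retried for this
# long before Postfix gives up and sends a DSN.
maximal_queue_lifetime = 5d
```

Run `postfix check` after editing and `postfix reload` to apply the change.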
