Hello Andreas,
Had some users complaining about mailboxes (and catch-alls) they created
were not accepting e-mails - Postfix, due to caching, was rejecting the
e-mail as if the mailbox wouldn't exist (apparently due to a fact
someone was trying to send an e-mail to that mailbox before it even
existed - maybe spammer, maybe a legit user).
The below statement I'm not 100% sure about as I was playing with
multiple config options, will have to check this again, however:
I believe I also played with negative_refresh_time (setting it to 1s),
however I think what was happening was that e-mail was 450 deferred
(address ver. in prog.) for the first time the sender connected and
tried to deliver to already neg. cached address. Only afterwards the
cache was refreshed - causing the e-mail to defer with 450 once.
This would have caused delays in delivery (or lost e-mails with bad
implementations) and more complaints from users saying there is a
problem with e-mails.
Anyways, I really believe there is a bug with
address_verify_negative_cache = no implementation.
Thank you.
Best regards,
Jozef.
On 15. 10. 2017 12:50, A. Schulze wrote:
Am 14.10.2017 um 23:23 schrieb Jozef Matický:
Hello,
I've been struggling with this for about a week now.
In smtpd_recipient_restrictions I have reject_unverified_recipient.
For recipient address verification I'm using Dovecot's LMTP.
Everything is working as expected when address_verify_negative_cache = yes -
unknown recipients are rejected with 550 (NOQUEUE: reject), for known the mail
is delivered.
The problem I have is when I set address_verify_negative_cache = no.
It goes like this:
- Sender connects to Postfix
+ Postfix is checking address with Dovecot
+ Dovecot responds (almost instantly) with 550 5.1.1 User doesn't exist;
status=undeliverable-but-not-cached
- Above + points are repeated as many as address_verify_poll_count times (in my
case 5 times, with default it happened 3 times)
- Postfix then replies to sender with 450 Recipient address rejected:
unverified address: Address verification in progress.
- After a while sender is trying to deliver the same e-mail again and the same
thing is happening - it is deffered with 450
- This goes on and on and on
It looks like when there is status=undeliverable-but-not-cached Postfix is
trying to verify the recipient address address_verify_poll_count times and
doesn't understand the Dovecot's 550 reply
(status=undeliverable-but-not-cached), after which it should reject sender with
550 (NOQUEUE: reject).
Am I doing something wrong or is this some kind of a bug?
The reason I'm trying to turn off negative cache is due to the catch-all.
For example, user is trying to send an email to mailbox that doesn't exist. The
e-mail will be rejected with 550.
Then user creates a catch-all for the domain and will send e-mail to the same
address.
Due to the negative cache it again will be rejected with 550 despite the fact
there now is catch-all configured.
This is with Postfix 3.2.3 which I just upgraded from 3.1.6 (on which it was
exactly the same). I also have unverified_recipient_reject_code = 550 set.
If something else is needed, like logs or postconf, please let me know.
Don't want to spam mailing list if this is a problem between the chair and the
keyboard.
Josef,
Could you explain why you completely disable address_verify_negative_cache?
I personally would only shorten address_verify_negative_refresh_time if caching
would be an issue.
Andreas
Thank you.
