Re: smtpd_reject_unlisted_recipient and reject_unlisted_recipient behavior
post...@ptld.com: > >> Or does reject_unlisted_recipient get disabled completely > >> when smtpd_reject_unlisted_recipient=no? > > > > You can then use "reject_unlisted_recipient" explicitly at > > the appropriate stage in the recipient restrictions. > > > Okay, I understand why doing any of this in DATA is bad and I should have > realized that. > > Just to clarify in trying to achieve my end goal, is there any way > to get milters to run before postfix would evaluate > reject_unlisted_recipient in the RCPT command? No. If Postfix rejects information then Postfix will not pass it to Milters. Otherwise, Milters would get out of sync with Postfix. I recently added a section on this in the Postfix documentation. https://www.postfix.org/MILTER_README.html#when-inspect Wietse
Re: smtpd_reject_unlisted_recipient and reject_unlisted_recipient behavior
Or does reject_unlisted_recipient get disabled completely when smtpd_reject_unlisted_recipient=no? You can then use "reject_unlisted_recipient" explicitly at the appropriate stage in the recipient restrictions. Okay, I understand why doing any of this in DATA is bad and I should have realized that. Just to clarify in trying to achieve my end goal, is there any way to get milters to run before postfix would evaluate reject_unlisted_recipient in the RCPT command?
Re: smtpd_reject_unlisted_recipient and reject_unlisted_recipient behavior
On Tue, Jan 31, 2023 at 11:30:59PM -0500, post...@ptld.com wrote: > I am looking to understand if I misinterpreted the documentation or if this > is an issue with postfix. > > main.cf > smtpd_reject_unlisted_recipient = no > smtpd_data_restrictions = reject_unlisted_recipient This won't work for multi-recipient messages. > My intention is to prevent postfix from rejecting invalid recipients > at the RCPT command and only reject them at the DATA command. Sorry, that's not supported, and not semantically possible. You'd end up rejecting the entire message, valid recipients and all, which even if that's what you want is not a sound approach. In any case Postfix smtpd(8) does not buffer up all the recipients in memory to run the restriction for each in turn at the data stage. > user (virtual_mailbox_maps) on the same valid domain > (virtual_mailbox_domains). Just to be clear, a valid user would be > ad...@example.com, the alias created was al...@example.com -> > f...@example.com. There is no valid user f...@example.com in > virtual_mailbox_maps. Also, Postfix recipient validation is "shallow", existing aliases to non-existent users will be accepted. > I assumed smtpd_data_restrictions=reject_unlisted_recipient would have > caught this and rejected the mail before sending it to LMTP. Nope, that's not how it works. > Was it supposed to? No. > Or does reject_unlisted_recipient get disabled completely > when smtpd_reject_unlisted_recipient=no? You can then use "reject_unlisted_recipient" explicitly at the appropriate stage in the recipient restrictions. > Is it possible to have the behavior I am expecting? Only with a policy server, that buffers up the recipients, and does something at the data stage in response to a policy query. -- Viktor.
smtpd_reject_unlisted_recipient and reject_unlisted_recipient behavior
I am looking to understand if I misinterpreted the documentation or if this is an issue with postfix. main.cf smtpd_reject_unlisted_recipient = no smtpd_data_restrictions = reject_unlisted_recipient My intention is to prevent postfix from rejecting invalid recipients at the RCPT command and only reject them at the DATA command. (Because I want a milter to run before mail is rejected for unknown recipients.) The reason I set smtpd_reject_unlisted_recipient=no is because when set to yes it will reject at the RCPT command before milters run. I then assumed smtpd_data_restrictions=reject_unlisted_recipient would reject invalid recipients at the DATA stage. I created an alias (virtual_alias_maps) that points to a non-existent user (virtual_mailbox_maps) on the same valid domain (virtual_mailbox_domains). Just to be clear, a valid user would be ad...@example.com, the alias created was al...@example.com -> f...@example.com. There is no valid user f...@example.com in virtual_mailbox_maps. Postfix accepted delivery of the email sent to al...@example.com and handed it off the LMTP for f...@example.com. LMTP rejected delivery to the non-existent address causing postfix to then send out a backscatter bounce message exposing the alias target f...@examle.com to the original sender. I assumed smtpd_data_restrictions=reject_unlisted_recipient would have caught this and rejected the mail before sending it to LMTP. Was it supposed to? Or does reject_unlisted_recipient get disabled completely when smtpd_reject_unlisted_recipient=no? Is it possible to have the behavior I am expecting?