Postfix Address Verification

Glenn Steen glenn.steen at gmail.com
Wed Jun 27 09:01:58 IST 2007 

On 27/06/07, Drew Marshall <drew at technologytiger.net> wrote:
>
> On 27 Jun 2007, at 03:12, Seamus Allan wrote:
>
>  Gareth wrote:
>  See
> http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users
> Thats what I do and it works very well.
>
> Just make sure Exchange is configured to reject mail to unknown
> recipients. If you cant do that then there are other ways such as using
> LDAP to regularly pull out a list of valid addresses from exchange,
>
> On Mon, 2007-06-25 at 23:24, Jody Cleveland wrote:
>
>
>  Hello,
>
> I've got a RedHat 5 server with Postfix and MailScanner. This server checks
> all incoming mail and then forwards it on to an Exchange server. I'm looking
> for a way to verify recipients without touching active directory. Will
> either of these work at all?
>
> smtpd_recipient_restrictions = reject_unauth_destination
> smtpd_recipient_restrictions = reject_unverified_recipient
>
> - jody
>
>
>  I am curious about this; it seems to make very good sense to do this (and
> will in fact cut down the number of bounces created by my mail gateway
> MailScanner machine), but I wonder how much more work has to be done by
> Postfix to accomplish this.
>
> It's a lot less than trying to keep running the mail queue that's full of
> undeliverable bounce notifications. Reject unknown recipients at SMTP stage
> will mean that you don't have to use your bandwidth to download the full
> message, process it through MailScanner & SpamAssassin, deliver or attempt
> to deliver somewhere else, create the bounce notification and attempt to
> deliver this bounce using your bandwidth. If it's not deliverable then keep
> retrying for x number of days and re-examining the message in the queue to
> work out when it must keep trying.
>
> In comparison any form of db look up from hashed file to SQL or LDAP is
> really cheap. Couple that with one or two other tricks such at proxying for
> SQL for example (To retain connections) and you really have very little
> overhead at all. In fact there are other checks that are more work, such as
> RBL look ups that are much more work.
>
> Drew

(Chiming in with Drew here:)
Not to mention that you will remove yourself from being a potential
"spam reflector" (NDN-spam thing)... And cut down on the risk of being
blacklisted (when one of your bounces hit a honeypot for one of the
more agressive BLs)... Small downside with recipient verification is
that your address-base might get mapped out, but... that is worth it,
compared to the alternative.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list