OT postfix recipient verification

Sun Jan 10 16:31:26 GMT 2010

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: 06 January 2010 23:43
> To: MailScanner discussion
> Subject: Re: OT postfix recipient verification
> 
> 2010/1/6 Jason Ede <J.Ede at birchenallhowden.co.uk>:
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-
> >> bounces at lists.mailscanner.info] On Behalf Of Steve Freegard
> >> Sent: 06 January 2010 18:58
> >> To: MailScanner discussion
> >> Subject: Re: OT postfix recipient verification
> >>
> >> On 06/01/10 18:10, Jason Ede wrote:
> >> > Recipient verification has been working fine for years, but we've
> >> just
> >> > had a problem crop up. Someone is sending status/error emails from
> >> their
> >> > webserver back to their office. Some of the emails primary 'to'
> >> address
> >> > is to someone who has left, but the other recipients are still
> valid.
> >> > Recipient verification still rejects the email. Is there a way
> round
> >> > this without having to run another postfix instance and split the
> >> email
> >> > up into emails?
> >>
> >> That doesn't sound right at all.   How are you doing the
> verification?
> >> via the verify daemon?
> >
> > Verification is via the receipt verification within postfix. I've a
> btree database file as per the postfix docs.
> >
> >
> >> Recipient verification should only affect the invalid recipient and
> >> shouldn't affect the other valid recipients unless the senders
> server
> >> is
> >> so poorly implemented and gives up sending the entire message as
> soon
> >> as
> >> one of the recipients is rejected...
> >
> > I've not had any of the bounces yet, but am trying to get hold of
> them. I've had to whitelist their server from greylisting as it doesn't
> seem to handle it very well. All I know of the server itself is that it
> uses a Microsoft SMTP service.
> >
> >
> >> Maybe you could provide an example?
> >
> > When I get an actual bounce I'll know a lot more.
> >
> Unless M$ managed to botch even that, this sounds like a bit of FUD
> from your users:-). It's as Steve says. the recipient verification
> simply can't (or at least SHOULDN'T) have the effect described, at
> least not for a true MTA. The good thing is that ANY problem is
> squarely in THEIR court. Make sure to mention that any problems
> incurred is due to their systems misbehavior, and that anything you do
> to fix it is a pure courtesy;-).

I've checked both our mail servers as thoroughly as I can, and recipient verification is working as it should do and no matter how many bad addresses are there it finds and allows mail through to valid users from the to, cc and bcc field. The only issue on our system is that I found the recipient verification code (for non-existent addresses) on one of our servers was 450, which I've changed to 550.

For now they've fixed the problem by removing all their invalid addresses and I've suggested the idea of a distribution list for all of their future web server work as it makes life much easier for both us and them and they seem to think it was a great idea and wondered why they hadn't thought of that before.

I've not been able to get hold of one of their bounce messages that didn't get through and looking back at the smtp logs it seems that verification was done ok on all addresses that it was requested on. Suspect a problem at their end, possibly in the mail generation.

Jason