<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Drew Marshall wrote:
<blockquote
cite="mid:33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net"
type="cite">
<div>On 27 Jun 2007, at 03:12, Seamus Allan wrote:</div>
<div><br class="Apple-interchange-newline">
<blockquote type="cite"> Gareth wrote:
<blockquote
cite="mid:1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk"
type="cite">
<pre wrap="">See
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users">http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users</a>
Thats what I do and it works very well.
Just make sure Exchange is configured to reject mail to unknown
recipients. If you cant do that then there are other ways such as using
LDAP to regularly pull out a list of valid addresses from exchange,
On Mon, 2007-06-25 at 23:24, Jody Cleveland wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
I've got a RedHat 5 server with Postfix and MailScanner. This server checks
all incoming mail and then forwards it on to an Exchange server. I'm looking
for a way to verify recipients without touching active directory. Will
either of these work at all?
smtpd_recipient_restrictions = reject_unauth_destination
smtpd_recipient_restrictions = reject_unverified_recipient
- jody
</pre>
</blockquote>
<pre wrap=""><!----> </pre>
</blockquote>
I am curious about this; it seems to make very good sense to do this
(and will in fact cut down the number of bounces created by my mail
gateway MailScanner machine), but I wonder how much more work has to be
done by Postfix to accomplish this. <br>
</blockquote>
<br>
</div>
<div>It's a lot less than trying to keep running the mail queue
that's full of undeliverable bounce notifications. Reject unknown
recipients at SMTP stage will mean that you don't have to use your
bandwidth to download the full message, process it through MailScanner
& SpamAssassin, deliver or attempt to deliver somewhere else,
create the bounce notification and attempt to deliver this bounce using
your bandwidth. If it's not deliverable then keep retrying for x number
of days and re-examining the message in the queue to work out when it
must keep trying.</div>
<div><br class="webkit-block-placeholder">
</div>
<div>In comparison any form of db look up from hashed file to SQL or
LDAP is really cheap. Couple that with one or two other tricks such at
proxying for SQL for example (To retain connections) and you really
have very little overhead at all. In fact there are other checks that
are more work, such as RBL look ups that are much more work.</div>
<div><br class="webkit-block-placeholder">
</div>
<div>Drew</div>
<br>
-- <br>
In line with our <a moz-do-not-send="true"
href="http://www.technologytiger.net/policy">policy</a>, this message
has been scanned for <br>
viruses and dangerous content by the Technology Tiger MailScanner.
<br>
Further information can be found at <a moz-do-not-send="true"
href="http://www.technologytiger.net/policy">www.technologytiger.net/policy</a>
<br>
<br>
Technology Tiger Limited is registered in Scotland with registration
number: 310997
<br>
Registered Office 55-57 West High Street Inverurie AB51 3QQ
</blockquote>
Hi<br>
<br>
It seems after implementing this that I am having a lot of spam stopped
at MTA level - this is very good.<br>
However, the next morning I came in to discover that some of the
domains we host were not getting any email.<br>
I used telnet to pretend to have a fake session with the smtp server,
and interestingly, when trying to do a rcpt <a class="moz-txt-link-abbreviated" href="mailto:to:user@brokendomain.com">to:user@brokendomain.com</a>, I
get the following error message.<br>
450 <a class="moz-txt-link-rfc2396E" href="mailto:user@brokendomain.com"><user@brokendomain.com></a>: Recipient address rejected: Domain
not found<br>
Why is this happening? How come that Postfix is able to look into the
transport map and check the next server in line to see whether the user
is valid for most of the domains, but not for some. Is there a
misconfiguration somewhere? Is the verify map full or something?<br>
<br>
Any help would be appreciated<br>
<br>
<br>
Cheers<br>
<br>
Seamus
<div class="moz-signature">-- <br>
<p class="MsoNormal"><strong><span
style="font-size: 10pt; font-family: Gautami;" lang="EN-NZ">Seamus
Allan</span></strong><span style="font-family: Gautami;" lang="EN-NZ"><br>
</span><span style="font-size: 8pt; font-family: Gautami;" lang="EN-NZ">Network
Engineer<br>
Rheel Electronics Ltd<br>
Phone +64-3-386 3070 Fax +64-3-386-3071<br>
<st1:place w:st="on"><st1:City w:st="on">Mobile</st1:City></st1:place>
+64-21-178-2980<br>
<a class="moz-txt-link-abbreviated" href="mailto:seamus@rheelweb.co.nz">seamus@rheelweb.co.nz</a> <br>
<a class="moz-txt-link-abbreviated" href="http://www.rheel.co.nz">www.rheel.co.nz</a></span><span style="font-family: Gautami;" lang="EN-NZ">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="" lang="EN-NZ"><o:p> </o:p></span></p>
<span style="font-size: 12pt; font-family: "Times New Roman";"
lang="EN-NZ"> This e-mail together with
any attachments is confidential, may be subject to legal privilege and
may
contain proprietary information, including information protected by
copyright.
If you are not the intended recipient, please do not copy, use or
disclose this
e-mail; please notify us immediately by return e-mail and then delete
this
e-mail.</span></div>
</body>
</html>