Re: Avoid Sender checking

• Previous message: Robert Felber: "Re: SASL for use with dynamic IP relaying"
• Maybe in reply to: Magnus Bäck: "Re: Avoid Sender checking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Salvador Ramirez wrote:
>
> I can't do that because I don't have the administration of all the
> recipient smtp servers, mainly speaking of one server which is an exchange
> server, where when one creates a user is difficult to me to figure out an
> automatic method to keep the list of addresses always up to date.

You _must_ implement recipient validation, otherwise, you will generate
backscatter (see the backscatter readme), and you will then be a good
candidate for blocklisting.

if you agree with the above, then you'll see that you should fix your
design. not only the postfix machine, but also the mx.

For exchange, Look at the "MS Exchange Integration" section on
http://www.postfix.org/docs.html, or better get the BoP (book of postfix)

If you can't get the lists of recipients (for one or all the servers),
then use recipient address verification (as has been suggested):

smtpd_recipient_restrictions =
        ...
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access hash:$config_directory/rav_relay
        ...

and in rav_relay put:
domain.example reject_unverified_recipient
.domain.example reject_unverified_recipient
other.example reject_unverified_recipient
.other.example reject_unverified_recipient

then postfix will ask your final server whether the address exists
before accepting email.

do something similar on your mx of course.

• Previous message: Robert Felber: "Re: SASL for use with dynamic IP relaying"
• Maybe in reply to: Magnus Bäck: "Re: Avoid Sender checking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]