[postfix-users] reject_unverified_recipient

[Uwe Driessen]

On Behalf Of Christopher Stolzenberg
> 
> 
> Hi,
> 
> danke. Das leuchtet mir ein.
> 
> Also darf ich reject_unverified_recipient nur auf die Domains anwenden
> für die mein Postfix zuständig ist?
> Meine relay_domains?

RTFM

Lt DNS kommen eh nur diese Adressen zu dir.
Steht ein anderer Domainanteil im to  wie die für du zuständig bist und du würdest die
annehmen und transportieren dann wärst du ein offenes Relay.



> 
> Wenn ein Spammer das machen würde:
> 
> MAIL FROM: xyz at spammer.com
> und
> RCPT TO: <test at example.net>
> 
> würde mein Postfix Server bei dem Mailserver von example.net
> überprüfen ob es die Adresse test at example.net gibt?

Wenn du für example.net zuständig bist, im DNS als MX eingetragen dann ja andernfalls
würdest du diese Mail nie sehen.


> 
> Obwohl ich mit der Domain example.net gar nichts zu tun habe?

NEIN dann nicht (Ausnahme wäre relayversuche die aber anders abgefangen werden) 


> 
> Ich habe gedacht das reject_unverified_recipient wendet Postfix nur
> auf die relay_domains an?
> Also muss ich es mit smtpd_recipient_restrictions =
> check_recipient_access machen weil ich ja nur die relay_domains die

Nö 
check_recipient_access type:table 
Search the specified access(5) database for the resolved RCPT TO address, domain, parent
domains, or localpart@, and execute the corresponding action


> der Firma gehören überprüfen will.


reject_unverified_recipient 
Reject the request when mail to the RCPT TO address is known to bounce, or when the
recipient address destination is not reachable. Address verification information is
managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details. 

The unverified_recipient_reject_code parameter specifies the numerical response code when
an address is known to bounce (default: 450, change into 550 when you are confident that
it is safe to do so). 
The unverified_recipient_defer_code parameter specifies the numerical response code when
an address probe failed due to a temporary problem (default: 450). 
The unverified_recipient_tempfail_action parameter specifies the action after addres probe
failure due to a temporary problem (default: defer_if_permit). 
This feature is available in Postfix 2.1 and later. 
Other restrictions that are valid in this context: 

Generic restrictions that can be used in any SMTP command context, described under
smtpd_client_restrictions. 
SMTP command specific restrictions described under smtpd_client_restrictions,
smtpd_helo_restrictions and smtpd_sender_restrictions. 
Example: 

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient (default: yes)
Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even
when no explicit reject_unlisted_recipient access restriction is specified. This prevents
the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. 


An address is always considered "known" when it matches a virtual(5) alias or a
canonical(5) mapping. 

The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but
the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not
null. 
The recipient domain matches $virtual_alias_domains but the recipient is not listed in
$virtual_alias_maps. 
The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in
$virtual_mailbox_maps, and $virtual_mailbox_maps is not null. 
The recipient domain matches $relay_domains but the recipient is not listed in
$relay_recipient_maps, and $relay_recipient_maps is not null. 
This feature is available in Postfix 2.1 and later. 



Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397