Thanks, it was the reject_unverified_recipient. Now it is working... 2008/10/6 Brian Evans - Postfix List <[EMAIL PROTECTED]>: > Nicolás Velásquez O. wrote: >> Hello, >> >> We receive a high volume of mail for non nonexistent mailboxes, so we >> want to prevent Postfix's SMTP probes to the nearest MTA, we just want >> to use localfile or LDAP queries. I've attached the postconf -n and >> some tests I've done, any help is appreciated. >> > > You are asking Postfix to do this. See below > > Also, please use example.(com|net|org) instead of "domain". >> 2. When mailbox doesn't exist: >> - checks File. >> - checks LDAP. >> - Asks via SMTP if the mailbox exists >> - After a lag (1-2 seconds), returns "450 4.1.1 >> <[EMAIL PROTECTED]>: Recipient address rejected: >> unverified address: Address verification in progress" >> Telnet test output: >> mailx5:~ # telnet localhost 25 >> Trying 127.0.0.1... >> Connected to localhost. >> Escape character is '^]'. >> 220 mailx5.domain.org ESMTP Postfix >> EHLO mailx5.domain.org >> 250-mailx5.domain.org >> 250-PIPELINING >> 250-SIZE 5250000 >> 250-ETRN >> 250-ENHANCEDSTATUSCODES >> 250-8BITMIME >> 250 DSN >> MAIL FROM: [EMAIL PROTECTED] >> 250 2.1.0 Ok >> RCPT TO: [EMAIL PROTECTED] >> 450 4.1.1 <[EMAIL PROTECTED]>: Recipient >> address rejected: unverified address: Address verification in progress >> >> > > What to the logs say on the mail5 machine? It should not delay on such a > request since that is your setup. > >> Here is the output from postconf -n > > [...] >> smtpd_recipient_restrictions = reject_unverified_recipient >> reject_non_fqdn_recipient reject_unauth_destination >> reject_unknown_recipient_domain reject_unlisted_recipient >> check_recipient_access pcre:/etc/postfix/recipients_checks.pcre >> check_policy_service unix:private/policy-spf reject_rbl_client >> zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net >> reject_rbl_client dnsbl.njabl.org >> > > reject_unverified_recipient up front means "For everything not in a map, > verify by SMTP". > Since you have map files, why include a SMTP check anyway? > > > You really should have reject_unauth_destination first (if you don't > trust mynetworks). > This is due to anyone who queries your server for open relay. You will > ask the entire internet for any address given up front, even if it's not. > > > Brian > >
-- Nicolás Velásquez O. Genève, Suisse Mobile +41.797976460
