Gábor Lénárt wrote:
On Wed, Jan 21, 2009 at 12:38:28PM -0600, Noel Jones wrote:
[...]
Also sounds as if you don't have a valid recipient list for these
customers. Not OK. Your queue is likely filled with lots of
undeliverable mail to unknown recipients, and undeliverable bounces to
bogus senders, plus you're sending out backscatter to innocent parties.
This will get you blacklisted.
The solution is two steps.
First, if you can't get a valid recipient list you can use address
verification so that you don't accept mail to bogus users in the first
place. This is really important.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
Thanks, I'm using address verification at some places but not here, because
of the really difficult situation in this case, I haven't mentioned some
overcomplexities yet :( But you're right, of course that's the long term
goal. However I was also curious that there's any possibility in postfix to
do anything I wanted, even if it's not the right solution. Well at least I
have more reasons to clean up things here.
Using address verification will help you here anyway, as it will solve
your particular problem of mails building up in the queue on your
servers. Instead, they'll build up in the queue on the sending servers,
as yours will pass on the 450 code and cause your server to defer
acceptance from the sender. That may be a problem for them, but it isn't
a problem for you (and, if the mails are coming from a variety of
different sources, isn't going to be a significant problem for any
single server). And, in the process, you've also stopped yourself being
a backscatter source, which is good.
That doesn't, of course, solve your client's problem of your system
repeatedly retrying, as yours will retry the verification every time the
sender retries to send to your machine. But, unless that alone is
putting your machine under significant load, that isn't really your
problem - it's theirs, and if they can't fix their faulty configuration
then they're just going to have to live with it.
There is a general principle here that, when dealing with misconfigured
servers either upstream or downstream from your own, your priority
should be to eliminate or minimise any problems that their errors are
causing to you. It's not your task to reconfigure your server so as to
provide them with a workaround to their own errors. The only exception
to this is when they are explicitly paying you to fix their problem for
them, in which case you do need to find whatever solution is possible.
But you're still limited by what is possible and what will not cause
secondary issues for yourself or your other clients. Sometimes, you just
have to say "no".
Mark
