Doug Hardie via Postfix-users: > Is there a way to configure postfix to drop the email if all the > providers MTAs return a 5xx response?
We had a problem like that when some people wanted to make TLS mandatory. The solution was not to bounce mail when a server did not offer working TLS, but instead to defer deliveries and only declare TLS failure when there were no more SMTP servers to try. Quoting from https://www.postfix.org/postconf.5.html#default_delivery_status_filter Note: the (smtp|lmtp)_delivery_status_filter is applied only once per recipient: when delivery is successful, when delivery is rejected with 5XX, or when there are no more alternate MX or A destinations. Use smtp_reply_filter or lmtp_reply_filter to inspect responses for all delivery attempts. The idea then is to: - Leave smtp_skip_5xx_greeting at its default, so that Postfix will internally map a 544 greeting into a soft 4.0.0 error status. - Let Postfix try alternate hosts (up to smtp_mx_address_limit or smtp-mx_session_limit). - Use smtp_delivery_status_filter to convert the status from the last connection attempt into a hard 5.0.0 error status, but only if that response has the expected form. Untested example: /etc/postfix/main.cf: smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter /etc/postfix/smtp_dsn_filter: /^4(\.\d+\.\d+ IP=.+None.bad reputation.+)/ 5$1 This is a little tricky, because the search string differs from the remote SMTP server response which has no 4.x.x status code. Postfix generates that status code internally if the server reply coes not contain one, and prepends that generated code to the server's response. If a server replies with a multiline reponse, Postfix will concatenate the lines into one. Postfix does not respect server-side ASCII art. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
