Small edit for clarity.
Wietse
Doug Hardie via Postfix-users:
> Is there a way to configure postfix to drop the email if all the
> providers MTAs return a 5xx response?
We had a problem like that when some people wanted to make TLS
mandatory. The solution was not to bounce mail when a server did
not offer working TLS, but instead to try alternate hosts and only
declare TLS failure when there were no more SMTP servers to try.
Quoting from
https://www.postfix.org/postconf.5.html#default_delivery_status_filter
Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery
is rejected with 5XX, or when there are no more alternate MX
or A destinations. Use smtp_reply_filter or lmtp_reply_filter
to inspect responses for all delivery attempts.
The idea then is to:
- Leave smtp_skip_5xx_greeting at its default, so that Postfix
will internally map a 544 greeting into a soft 4.0.0 error status.
- Let Postfix try alternate hosts (up to smtp_mx_address_limit or
smtp-mx_session_limit).
- Use smtp_delivery_status_filter to convert the status from the last
connection attempt into a hard 5.0.0 error status, but only if that
response has the expected form.
Untested example:
/etc/postfix/main.cf:
smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
/etc/postfix/smtp_dsn_filter:
/^4(\.\d+\.\d+ IP=.+None.bad reputation.+)/ 5$1
This is a little tricky, because the search string differs from the
remote SMTP server response which has no 4.x.x status code. Postfix
generates that status code internally if the server reply coes not
contain one, and prepends that generated code to the server's response.
If a server replies with a multiline reponse, Postfix will concatenate
the lines into one. Postfix does not respect server-side ASCII art.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
