Matus UHLAR - fantomas via Postfix-users wrote: > On 15.02.24 15:27, Simon Hoffmann via Postfix-users wrote: > > I have a dedicated postfix machine that I use as a smarthost for all my > > outgoing > > email from my internal servers. The smarthost even has only ports 465 and > > 587 > > enabled/opened. > > > > > > Recently we had the case that an internal used composer an email to an > > external > > recipient and had a typo in the domain. > > The internal server currently does no checks but forwards all email for > > external > > recipients to the smarthost. > > > > The smarthost then replied to the internal mailserver with > > > > Out: 450 4.1.2 <user@domain_with_typo.de>: Recipient address rejected: > > Domain not found > > > > Since this was a 4xx tempfail reply, the internal mailserver tried to send > > the email > > over and over and only after 4 hours the internal mailserver send a "mail > > delivery > > delayed" email to the original sender. They then could compose the email > > again with > > the correct recipient address, but since they have no ssh root access to > > the server > > they could not remove the email with typo from the internal server's queue > > and thus > > they got even more "mail delivery delayed" notifications periodically until > > the > > message expired from the queue. > > > > There is two things that bother me: > > > > - it took 4h for the sender to get a notification that the domain was not > > found > > this should be configuable by tuning delay_warning_time
yes, but this setting is "global" in the sense that I cannot restrict the warning time to be short only on "domain not found" or similar errors, and keep it longer on network timeouts or such. Neither Postfix nor my current internal server can make this distinction (and that is okay). Sometimes I take the smarthost offline because I perform maintenance on the underlying proxmox host. These are normally periods shorter than 30 mins thus I want the delay warning to be something bigger than 1h to not annoy the users, but I want the users to know immediately if they have a typo in their domain. > > > - after they "corrected" it by sending a second email with the correct > > address, they > > still got mail delivery delayed notification which leads to confusion if > > they miss > > the fact that the mail with the type was delayed, and instead think their > > new mail > > is delayed again because something is wrong > > Your user sent two mails, one to wrong address and got a deferral then a > timeout. > It's hard to solve this technically, if user can't look what address failed Sure. But even I needed to read the delay warning email my user showed me several times until i finally found the typo in the address. Having the internal server generate new warning mails after the new email has been sent (because the old mail is still in the queue because it was never officially rejected) only leads to confusion. Furthermore, since the subject says "mail delayed" the user might not even read the explanation in the body of the notification and realise that they have a typo in their recipient domain. So having the smarthost postfix permfail an email sent to a domain that does not exist means the internal user gets the notification immediately and the notification contains "failed" instead of "delayed" and the internal server does not try to send the mail over and over. > > > so tldr: can I change unknown_address_reject_code to a perm fail on a > > server thats only purpose is > > to send outgoing mails, without any unwanted effects resulting from this > > change? > > (that means the behaviour of postfix on this machine would exactly be the > > same with > > or without the change with the only difference that emails with typos would > > be > > rejected with a permfail) > > I have done this on my servers. I believe it's better when senders know > immediately that the address is not deliverable. exactly. But did you experience any unwanted side effects like the server permfailing email because of dns timeouts or something? > > > Note that you need to do this on your smarthost, not on the internal server. of course. That's where I intended it to do > Also, you can configure domain verification on that internal servers and I > recommend doing so. Currently no, as the internal server is not Postfix. Sorry, I forgot to mention that. > > > You can hypotetically override the code from your smarthost on your internal > mail server by using smtp_delivery_status_filter but you must be damn > careful about that. Same thing, internal server is not postfix. :) Besides, I am pretty sure I dont want to mess with that. :) Thanks! Cheers, Simon
signature.asc
Description: PGP signature
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org