Yes, that's what the docs say.
450 = default, defer mail if the address can't be verified.
250 = if the address can't be verified, accept it anyway. Not
recommended.
So, summarizing. (And, please, correct me before doing a wrong change
in my config file):
My current server now is a backscatter source, because it accepts mail
to ANY recipient address for the domains listed in relay_domains
(domains I'm work as a secondary MX for).
By adding the following to my main.cf, I'll check RCPT TO addresses
against primary MX, except when PRIMARY MX doesn't answer. In that case,
I'll accept any destination for my relay_domains list, just like I was
doing before adding those lines:
address_verify_map = btree:/var/lib/postfix/verify
address_verify_positive_refresh_time = 14d
unverified_recipient_defer_code = 250
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
(...)
reject_unverified_recipient,
permit
If the above is true, I'm in a "better" state than before: when the
primary MX works, I reject "non existing accounts", and when it does not
work, I accept ALL (as I was doing).
Is that right?
Thanks.
