----- Original Message ----- > From: "Wietse Venema" <wie...@porcupine.org> > To: "Wiebe Cazemier" <wi...@halfgaar.net> > Cc: postfix-users@postfix.org > Sent: Friday, 10 June, 2011 9:37:39 PM > Subject: Re: unverified_recipient_tempfail_action = permit > > Wiebe Cazemier: > > That's why I was asking if it wouldn't be a good idea to have > > 'permit' be a viable option for > > unverified_recipient_tempfail_action. > > unverified_recipient_tempfail_action is triggered when: > > - The backup MX could not reach the primary MX. > > - The primary MX replied with a 4xx response. > > In both cases, the backup MX will not know if the recipient > address is valid. > > > That way, you will not create spam-induced backscatter 99% of the > > time and still function as a proper backup MX. > > No, in both cases, the backup MX will not know if the recipient > address is valid. Therefore, accepting the email can result in > backscatter. > > Your 99% number contradicts current measurements that indicate that > most mail is spam. > > Wietse >
(sorry, misreplied. Replied to the list now) That's not what I meant. I meant that 99% of the time, the primary server will be up and recipient address verification will work to reject (spam) messages to unknown users. Those two scenario's you mentioned are when the primary is down or otherwise deferring. And those cases happen 1% of the time (figure meant to be illustrative). So if you would accept mail when the primary is down, you may very briefly create backscatter, but it allows you to operate a backup MX server without syncing recipient maps, or have any other knowledge about it.