On 4/18/2013 4:26 AM, Mikael Bak wrote: > Hi Josef, > > On 04/18/2013 11:06 AM, Josef Karliak wrote: >> Good morning, >> our outgoing smtp server gets into a backscatter blacklist. When I >> checked my logs, there were only one mailer daemon email to some server >> in the time that is mentioned on the backscatter web. >> In all servers in the way of the email (incoming MX->antispam server-> >> our imap server) has unknown_local_recipient_reject_code = 550. >> What else could I do ? There could be one thing - incoming MX accept >> all emails for our domain, he doesn't know our aliases. The mail is send >> to antispam and when antispam wanna sent the email to imap server and >> the target email address doesn't exists, it has 550 error and it is send >> away by our antispam server (it is our outgoing server). >> So, is this all wrong ? We decided to have more servers because of >> loading reasons (we've daily up to 15 000 emails, but there were a 60 >> 000 peak) > > You can have "reject_unverified_recipient" on the MX to check the IMAP > server if the email address exists before accepting it.
To be clear Josef, reject_unverified_recipient performs recipient address verification via an SMTP RCPT TO test. See: http://www.postfix.org/postconf.5.html#reject_unverified_recipient You state your MX Postfix server relays all mail to the AS appliance which accepts everything regardless of recipient address, which is why you're in trouble currently. Verification queries will be sent to the AS box, so reject_unverified_recipient will not work in your setup. To fix your problem you must have some form of recipient validation at the MX so it only accepts mail for valid mailbox addresses and rejects mail to invalid addresses. You have a couple of options: 1. Export the valid recipient list from the mailbox server to the MX server with one address per line in a text file. Create an access table from this file with OK action. Use check_recipient_access: http://www.postfix.org/postconf.5.html#check_recipient_access 2. Implement an LDAP or mysql database containing valid addresses. This can be used with check_recipient_access, local_recipient_maps, virtual_mailbox_maps, etc. For implementation details of each see: http://www.postfix.org/postconf.5.html -- Stan
