Good morning,
I have found 'reject_unverified_sender' superb at reducing the number of
SPAM messages getting though. I've set up a whitelist for those few
trusted senders or domains where their dopey mail servers' don't comply.
I do have a minor problem with mail servers that do comply, but apply
greylisting.
Originally I omitted 'address_verify_negative_cache =no' from main.cf.
This defaults to 'yes' and sender verification failures were cached
saving a constantly chattering probe relay. Unfortunately it would
appear that this method also caches temporary errors too (those also
being a fail), so when I receive a 471 as part of a greylisting policy,
that message won't be delivered. Postfix will reject when remote server
re-attempts to deliver relying on its cache from the first attempt
rather than sending another dummy message. I have now set the negative
cache to 'no' meaning a retry for every incoming message that hasn't
passed address verification. It is either that or adding all domain that
use greylisting to the whitelist.
Does anyone know if there's a way to exempt / prevent 471 (or other
temporary reject codes) from being cached?
Thanks,
Mick.
- Greylisting with reject_unverified_sender negative cache Mick
-
