Thanks! With reject_unlisted_recipient it indeed works as desired! On Thu, May 13, 2021 at 1:45 AM Wietse Venema <wie...@porcupine.org> wrote: > > Aleksei Shpakovskii: > > Hi, > > > > I would like to verify recipient address before hitting DNS RBL. But > > it seems I'm unable to do this. Am I doing something wrong? > > > > Using 32-bit Postfix 3.6.0-r0 from Alpine inside Docker container. > > > > My main.cf file looks like this: > > > > ##### main.cf ##### > > mydomain=example.net > > compatibility_level=3 > > maillog_file = /dev/stdout > > mydestination=$mydomain > > smtpd_recipient_restrictions = permit_mynetworks, > > permit_sasl_authenticated, > > reject_unauth_destination, > > reject_unverified_recipient, > > reject_rbl_client bogons.cymru.com > > Something has broken reject_unverified_recipient but you should > probably be using reject_unlisted_recipient instead. > > Wietse > > > ##### main.cf ##### > > > > where bogons.cymru.com is DNS RBL which conveniently blocks docker IP > > address (172.17.42.1). > > > > Telnet session (lower in this message) cites the RBL list as a block > > reason, and in the mail log (at the very end of this message) I can > > see a failed attempt to deliver a probe message (unknown user: > > "notauser") before sending a DNS request (Client host [172.17.42.1] > > blocked using bogons.cymru.com) - also note a 3 second delay before > > this log message. > > > > Am I doing something obviously wrong or can it be a quirk of my local > > system (Docker version 1.6.2 on 32-bit Ubuntu 14.04)? If anybody tries > > to reproduce it on different configurations - that might be also > > helpful. > > > > Thanks in advance! > > > > ##### telnet session ##### > > 220 52fca4186025.example.net ESMTP Postfix > > EHLO test.example.com > > 250-52fca4186025.example.net > > 250-PIPELINING > > 250-SIZE 10240000 > > 250-VRFY > > 250-ETRN > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250-DSN > > 250-SMTPUTF8 > > 250 CHUNKING > > MAIL FROM:<t...@example.com> > > 250 2.1.0 Ok > > rcpt to:notau...@example.net > > 554 5.7.1 Service unavailable; Client host [172.17.42.1] blocked using > > bogons.cymru.com > > quit > > 221 2.0.0 Bye > > ##### telnet session ##### > > > > ##### mail log ##### > > May 12 22:35:20 52fca4186025 postfix/smtpd[81]: connect from > > unknown[172.17.42.1] > > May 12 22:35:56 52fca4186025 postfix/verify[85]: cache > > lmdb:/var/lib/postfix/verify_cache full cleanup: retained=0 dropped=0 > > entries > > May 12 22:35:56 52fca4186025 postfix/cleanup[86]: CC153163658: > > message-id=<20210512223556.cc153163...@52fca4186025.example.net> > > May 12 22:35:56 52fca4186025 postfix/qmgr[74]: CC153163658: > > from=<double-bou...@52fca4186025.example.net>, size=263, nrcpt=1 > > (queue active) > > May 12 22:35:56 52fca4186025 postfix/local[87]: CC153163658: > > to=<notau...@example.net>, relay=local, delay=0.02, > > delays=0.01/0.01/0/0, dsn=5.1.1, status=undeliverable (unknown user: > > "notauser") > > May 12 22:35:56 52fca4186025 postfix/qmgr[74]: CC153163658: removed > > May 12 22:35:59 52fca4186025 postfix/smtpd[81]: NOQUEUE: reject: RCPT > > from unknown[172.17.42.1]: 554 5.7.1 Service unavailable; Client host > > [172.17.42.1] blocked using bogons.cymru.com; from=<t...@example.com> > > to=<notau...@example.net> proto=ESMTP helo=<test.example.com> > > May 12 22:36:06 52fca4186025 postfix/smtpd[81]: disconnect from > > unknown[172.17.42.1] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4 > > ##### mail log ##### > >
-- Aleksei Shpakovskii Quality Automation Engineer / Release Coordinator CFEngine / Northern.tech
