SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001861: reject_unverified_recipient does not work because of permit_mx_backup - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001861Endian FirewallProxy SMTPpublic2009-05-07 14:312009-10-27 11:59
Reporterpeter-endian 
Assigned Tosimon-endian 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-rc3 
Target Version2.3Fixed in Version2.3 
Summary0001861: reject_unverified_recipient does not work because of permit_mx_backup
Descriptionreject_unverified_recipient is the mechanism which verifies if a recipient email address exists on the real mail server behind the smtp proxy by trying to deliver, and reject instantly if the real mailserver rejects.

reject_unverified_recipient is placed after permit_mx_backup, which makes reject_unverified_recipient useless, because permit_mx_backup would always accept, since permit_mx_backup accepts not only for domains which which the local smtp proxy is backup mx, but also for forwarded domains configured in relay_domains, which in our case are all domains we accept.

now, permit_mx_backup is before reject_unverified_recipient, because otherwise, when the smtp proxy acts as backup mx, every mail for which he is backup mx would be verified on the primary mx.
That would make the backup mx senseless, because if the primary mx is down, the backup mx would discard the incoming mail temporarily, rather than queue, because it is not possible to verify the recipient on the primary mx. The

so.. i think those two options are mutual exclusive in our kind of setup.

i think the solution would be:
- to remove permit_mx_backup, since it makes not much sense,
  when we always need to configure each primary mx domain as relay domain in
  incomin domain. that will work also without permit_mx_backup, due to
  reject_unauth_destination
- make reject_unverified_recipient a user configurable option, which is
  on by default. If one uses the smtp proxy as backup mx he may or may not
  disable this feature in order to make the backup mx queue when primary is
  down.
TagsNo tags attached.
Attached Files

- Relationships
child of 0001922closedpeter-endian SMTP Proxy changes for 2.3 - meta ticket 

-  Notes
(0002299)
peter-endian (administrator)
2009-05-07 14:48

postfix template is modified.

gui needs a checkbox (in advanced) something like "Recipient address verification"
which toggles (on/off) VERIFY_RECIPIENTS
(0002769)
simon-endian (developer)
2009-07-22 01:13

now gui has the checkbox

- Issue History
Date Modified Username Field Change
2009-05-07 14:31 peter-endian New Issue
2009-05-07 14:48 peter-endian Note Added: 0002299
2009-05-27 09:28 peter-endian Assigned To => simon-endian
2009-05-27 09:28 peter-endian Target Version future => 2.3
2009-06-09 16:42 peter-endian Relationship added child of 0001922
2009-07-22 01:13 simon-endian Note Added: 0002769
2009-07-22 01:13 simon-endian Status new => resolved
2009-07-22 01:13 simon-endian Fixed in Version => 2.3
2009-07-22 01:13 simon-endian Resolution open => fixed
2009-10-27 11:59 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker