SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
|Anonymous | Login||2022-05-26 14:14 UTC|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001861||Endian Firewall||Proxy SMTP||public||2009-05-07 14:31||2009-10-27 11:59|
|Target Version||2.3||Fixed in Version||2.3|
|Summary||0001861: reject_unverified_recipient does not work because of permit_mx_backup|
|Description||reject_unverified_recipient is the mechanism which verifies if a recipient email address exists on the real mail server behind the smtp proxy by trying to deliver, and reject instantly if the real mailserver rejects.|
reject_unverified_recipient is placed after permit_mx_backup, which makes reject_unverified_recipient useless, because permit_mx_backup would always accept, since permit_mx_backup accepts not only for domains which which the local smtp proxy is backup mx, but also for forwarded domains configured in relay_domains, which in our case are all domains we accept.
now, permit_mx_backup is before reject_unverified_recipient, because otherwise, when the smtp proxy acts as backup mx, every mail for which he is backup mx would be verified on the primary mx.
That would make the backup mx senseless, because if the primary mx is down, the backup mx would discard the incoming mail temporarily, rather than queue, because it is not possible to verify the recipient on the primary mx. The
so.. i think those two options are mutual exclusive in our kind of setup.
i think the solution would be:
- to remove permit_mx_backup, since it makes not much sense,
when we always need to configure each primary mx domain as relay domain in
incomin domain. that will work also without permit_mx_backup, due to
- make reject_unverified_recipient a user configurable option, which is
on by default. If one uses the smtp proxy as backup mx he may or may not
disable this feature in order to make the backup mx queue when primary is
|Tags||No tags attached.|
postfix template is modified.
gui needs a checkbox (in advanced) something like "Recipient address verification"
which toggles (on/off) VERIFY_RECIPIENTS
|now gui has the checkbox|
|2009-05-07 14:31||peter-endian||New Issue|
|2009-05-07 14:48||peter-endian||Note Added: 0002299|
|2009-05-27 09:28||peter-endian||Assigned To||=> simon-endian|
|2009-05-27 09:28||peter-endian||Target Version||future => 2.3|
|2009-06-09 16:42||peter-endian||Relationship added||child of 0001922|
|2009-07-22 01:13||simon-endian||Note Added: 0002769|
|2009-07-22 01:13||simon-endian||Status||new => resolved|
|2009-07-22 01:13||simon-endian||Fixed in Version||=> 2.3|
|2009-07-22 01:13||simon-endian||Resolution||open => fixed|
|2009-10-27 11:59||peter-endian||Status||resolved => closed|
|Copyright © 2000 - 2012 MantisBT Group|