Re: postgrey и sender verification
On Fri, 18 Mar 2016 11:55:19 +0300
Artem Chuprina <ran@lasgalen.net> wrote:
> Vasiliy P. Melnik -> Victor Wagner @ Fri, 18 Mar 2016 10:33:44 +0200:
>
> VPM> К сожалению не знаю как в постфиксе, у меня экзим, но верифай
> VPM> это отдельная процедура, и у меня в экзиме она расположена
> VPM> должна быть просто раньше грейлистинга
>
> Так верифай на одном конце, а грейлистинг на другом :)
>
> Но вообще мне казалось, что sender verify должен производиться от
> имени <> (в смысле mail from: <>). А не от какого попало.
А вот оказывается, нынче это не так:
By default, Postfix probe messages have a sender address "double-bounce@$myorigin" (with Postfix versions before 2.5, the default is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address.
You can change the probe sender address into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "double-bounce@$myorigin" would succeed.
The downside of using a non-empty sender address is that the address may end op on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
Reply to: