[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: postgrey и sender verification

On Fri, 18 Mar 2016 11:55:19 +0300
Artem Chuprina <ran@lasgalen.net> wrote:

> Vasiliy P. Melnik -> Victor Wagner  @ Fri, 18 Mar 2016 10:33:44 +0200:
> 
>  VPM> К сожалению не знаю как в постфиксе, у меня экзим, но верифай
>  VPM> это отдельная процедура, и у меня в экзиме она расположена
>  VPM> должна быть просто раньше грейлистинга  
> 
> Так верифай на одном конце, а грейлистинг на другом :)
> 
> Но вообще мне казалось, что sender verify должен производиться от
> имени <> (в смысле mail from: <>).  А не от какого попало.

А вот оказывается, нынче это не так: 


By default, Postfix probe messages have a sender address "double-bounce@$myorigin" (with Postfix versions before 2.5, the default is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address.

You can change the probe sender address into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "double-bounce@$myorigin" would succeed.

The downside of using a non-empty sender address is that the address may end op on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value.



http://www.postfix.org/ADDRESS_VERIFICATION_README.html

>
Reply to: