| |
-
When verifying a remote address, Postfix probes the nearest
MTA for that address, without actually delivering mail to it. If
the nearest MTA accepts the address, then Postfix assumes that the
address is deliverable. In reality, mail for a remote address can
bounce AFTER the nearest MTA accepts the recipient address.
-
Some sites may blacklist you when you are probing them
too often (a probe is an SMTP session that does not deliver mail),
or when you are probing them too often for a non-existent address.
This is one reason why you should use sender address verification
sparingly, if at all, when your site receives lots of email.
-
Normally, address verification probe messages follow the
same path as regular mail. However, some sites send mail to the
Internet via an intermediate
relayhost; this breaks address
verification. See below, section
"Controlling
the routing of address verification probes", for how to override
mail routing and for possible limitations when you have to do this.
-
Postfix assumes that an address is undeliverable when the
nearest MTA for the address rejects the probe, regardless of the
reason for rejection (client rejected, HELO rejected, MAIL FROM
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
rejects mail from your machine. This is a good thing.
-
Unfortunately, some major sites such as YAHOO do not reject
unknown addresses in reply to the RCPT TO command, but report a
delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites.
-
By default, Postfix probe messages have "postmaster@$
myorigin"
as the sender address. This is SAFE because the Postfix SMTP server
does not reject mail for this address.
You can change this into the null address ("
address_verify_sender
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: <>, while
probes from "postmaster@$
myorigin" would succeed.
|
|
