Address verification ONLY on startup (i.e., "pinging" external addresses)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Address verification ONLY on startup (i.e., "pinging" external addresses)

dave@powerstandards.com
Hi,

I am using postfix on an embedded device.  Incoming email access is
limited to a very short whitelist, and there is a very short list of
potential recipients.  The system is very secure and quite efficient:
that's why I picked postfix.

What I'd like to do is check on a postfix start or reload that these few
addresses are reachable *before* I do things like set up firewalls, etc.,
then stop sending out probes at all.  Basically, I want to ping the email
address and notify admins (via some channel) that an email address
reachable or not.

I've read theADDRESS_VERIFICATION_README and can't quite figure out what
is even relevant to my problem, and know that that may not even be the
best route for "pinging".

What would be the most common way to do this?  It's perfectly possible I'm
missing something painfully obvious here.

Note: a relay_host is usually involved.

Thanks,

Dave




Reply | Threaded
Open this post in threaded view
|

Re: Address verification ONLY on startup (i.e., "pinging" external addresses)

Viktor Dukhovni
On Thu, Apr 03, 2014 at 02:00:36PM -0500, [hidden email] wrote:

> What I'd like to do is check on a postfix start or reload that these few
> addresses are reachable *before* I do things like set up firewalls, etc.,
> then stop sending out probes at all.  Basically, I want to ping the email
> address and notify admins (via some channel) that an email address
> reachable or not.

        /usr/sbin/sendmail -f bounce-address -bv probe-address

Will trigger a connection to the nexthop relay of the probe address
and an incomplete mail transaction (through "RCPT TO").  The results
will be returned to bounce-address (if not empty), and recorded in
the mail log.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Address verification ONLY on startup (i.e., "pinging" external addresses)

dave@powerstandards.com
Pfft!

Of course!

Thanks!

D.

> On Thu, Apr 03, 2014 at 02:00:36PM -0500, [hidden email] wrote:
>
>> What I'd like to do is check on a postfix start or reload that these few
>> addresses are reachable *before* I do things like set up firewalls,
>> etc.,
>> then stop sending out probes at all.  Basically, I want to ping the
>> email
>> address and notify admins (via some channel) that an email address
>> reachable or not.
>
> /usr/sbin/sendmail -f bounce-address -bv probe-address
>
> Will trigger a connection to the nexthop relay of the probe address
> and an incomplete mail transaction (through "RCPT TO").  The results
> will be returned to bounce-address (if not empty), and recorded in
> the mail log.
>
> --
> Viktor.
>


Reply | Threaded
Open this post in threaded view
|

Re: Address verification ONLY on startup (i.e., "pinging" external addresses)

dave@powerstandards.com
Well, it seems I spoke too soon.

If the target domain is bad, e.g.

[hidden email]

the mail is marked is returned as
undeliverable with all the proper bells.

But if only the user is bad, e.g.

[hidden email]

the domain just sends back "250 Accepted", Status: 2.0.0, Action: deliverable

which is no different than for a good email address.

I have tried setting:

address_verify_relayhost=

in the main.cf, but when I monitor the log after
running the sendmail -bv command, I still see the mail
being relayed through the relay server.

Thanks again.

Dave



> Pfft!
>
> Of course!
>
> Thanks!
>
> D.
>
>> On Thu, Apr 03, 2014 at 02:00:36PM -0500, [hidden email] wrote:
>>
>>> What I'd like to do is check on a postfix start or reload that these
>>> few
>>> addresses are reachable *before* I do things like set up firewalls,
>>> etc.,
>>> then stop sending out probes at all.  Basically, I want to ping the
>>> email
>>> address and notify admins (via some channel) that an email address
>>> reachable or not.
>>
>> /usr/sbin/sendmail -f bounce-address -bv probe-address
>>
>> Will trigger a connection to the nexthop relay of the probe address
>> and an incomplete mail transaction (through "RCPT TO").  The results
>> will be returned to bounce-address (if not empty), and recorded in
>> the mail log.
>>
>> --
>> Viktor.
>>
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Address verification ONLY on startup (i.e., "pinging" external addresses)

Wietse Venema
[hidden email]:
> But if only the user is bad, e.g.
> [hidden email]
> the domain just sends back "250 Accepted",

If the receiving host can't reject non-existent recipients, then
there is NO WAY for the sending Postfix server to determine that
the username is bad. If Postfix could predict that, then I would
be very, very, rich.

        Wietse