Clarification on meaning of address_verify_positive_refresh_timer

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Clarification on meaning of address_verify_positive_refresh_timer

Damian Lukowski
Hello mailing list,

I would like to understand the address_verify_positive_refresh_timer
parameter. The documentation states:

> The time after which a successful address verification probe needs to
> be refreshed. The address verification status is not updated when the
> probe fails (optimistic caching).
It does not explain what happens with incoming mails that are checked
via reject_unverified_recipient. Lets consider following events with
default timer values:

An incoming mail for recipient X is encountered the first time, i.e.
there is neither a positive nor a negative cache entry. A probe is sent
out and the upstream SMTP accepts the probe. Postfix creates a positive
cache entry for X with a validity of 31 days. The incoming mail is
accepted and forwarded to the upstream SMTP.

Suppose there are no further mails for X for the next 8 days, but the
upstream SMTP has invalidated address X on day 5. On day eight, a mail
for X is again on its way. I understand, that a probe will be sent out,
and because the upstream SMTP rejects the probe, it is considered
failed. However, due to optimistic caching, the address verification
status for X remains positive at least until day 31. But what happens
with mails for X between day 8 and 31? Will they be accepted by Postfix
and then bounced?

Thanks
 ┬áDamian

Reply | Threaded
Open this post in threaded view
|

Re: Clarification on meaning of address_verify_positive_refresh_timer

Wietse Venema
Damian:

> Hello mailing list,
>
> I would like to understand the address_verify_positive_refresh_timer
> parameter. The documentation states:
>
> > The time after which a successful address verification probe needs to
> > be refreshed. The address verification status is not updated when the
> > probe fails (optimistic caching).
> It does not explain what happens with incoming mails that are checked
> via reject_unverified_recipient.

As long as the cached address verification status has not expired,
THE CACHED ADDRESS VERIFICATION STATUS IS NOT UPDATED WHEN A REFRESH
PROBE FAILS.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Clarification on meaning of address_verify_positive_refresh_timer

Damian Lukowski
Hello Wietse,

I cannot say that capslock improves my understanding of this matter. I
am interested in an explicit answer for the last two questions as your
answer still leaves room for interpretation.
> what happens with mails for X between day 8 and 31? Will they be
> accepted by Postfix and then bounced?
Damian

Am 19.10.2018 um 16:29 schrieb Wietse Venema:

>
>>> The time after which a successful address verification probe needs to
>>> be refreshed. The address verification status is not updated when the
>>> probe fails (optimistic caching).
>> It does not explain what happens with incoming mails that are checked
>> via reject_unverified_recipient.
> As long as the cached address verification status has not expired,
> THE CACHED ADDRESS VERIFICATION STATUS IS NOT UPDATED WHEN A REFRESH
> PROBE FAILS.
>
> Wietse

Reply | Threaded
Open this post in threaded view
|

Re: Clarification on meaning of address_verify_positive_refresh_timer

Wietse Venema
Damian:
> Hello Wietse,
>
> I cannot say that capslock improves my understanding of this matter. I
> am interested in an explicit answer for the last two questions as your
> answer still leaves room for interpretation.
> > what happens with mails for X between day 8 and 31? Will they be
> > accepted by Postfix and then bounced?
> Damian

Sorry, I don't have color fonts. Again, Postfix will ignore a failed
refresh probe, From that it follows that Postfix it will keep using
the cached positive result. From that it follows that Postfix will
keep accepting mail for that recipient. From that it follows that
Postfix will try to deliver mail for that recipient. And so on.

If you want to stop accepting mail sooner, you need to configure a
shorter cache expiration time, or configure Postfix to query the
destination's LDAP or whatever account database.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Clarification on meaning of address_verify_positive_refresh_timer

Damian Lukowski
Thank you, this is explicit enough.

Regards
 ┬áDamian

Am 19.10.2018 um 17:57 schrieb Wietse Venema:

> Sorry, I don't have color fonts. Again, Postfix will ignore a failed
> refresh probe, From that it follows that Postfix it will keep using
> the cached positive result. From that it follows that Postfix will
> keep accepting mail for that recipient. From that it follows that
> Postfix will try to deliver mail for that recipient. And so on.
>
> If you want to stop accepting mail sooner, you need to configure a
> shorter cache expiration time, or configure Postfix to query the
> destination's LDAP or whatever account database.
>
> Wietse