Use discard in a check_recipient_access

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Use discard in a check_recipient_access

Lluis Ribes

Hi,

 

Could I use the “DISCARD” word in a check_recipient_access hash: rule? By example:

 

%more /etc/postfix/access

[hidden email] permit_mynetworks,DISCARD

 

or should I use use REJECT word. I don’t want to send error reply if someone sends mail to [hidden email] from out of my networks

 

Thanks in advance

 

LLUÍS RIBES

Laviniainteractiva

www.laviniainteractiva.com

T (34) 93 272 34 10

Pujades 81

Barcelona 08005

 

skype: lluisribesportillo

 

Reply | Threaded
Open this post in threaded view
|

Re: Use discard in a check_recipient_access

mouss-2
Lluis Ribes wrote:

> Hi,
>
>  
>
> Could I use the “DISCARD” word in a check_recipient_access hash: rule? By
> example:
>
>  
>
> %more /etc/postfix/access
>
> [hidden email] permit_mynetworks,DISCARD
>
>  
>
> or should I use use REJECT word. I don’t want to send error reply if someone
> sends mail to [hidden email] from out of my networks
>

use reject. silently discarding mail isn't a good idea. REJECT will
reject the smtp transaction: your postfix won't send anything.
Reply | Threaded
Open this post in threaded view
|

RE: Use discard in a check_recipient_access

Lluis Ribes
Why?

If I want to avoid that the spammer wouldn't receive a response like this:

"but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <[hidden email]>: Recipient address rejected: Access denied (state 14).

Thanks again!

Lluís

-----Mensaje original-----
De: [hidden email] [mailto:[hidden email]] En nombre de mouss
Enviado el: martes, 04 de noviembre de 2008 14:15
Para: [hidden email]
Asunto: Re: Use discard in a check_recipient_access

Lluis Ribes wrote:

> Hi,
>
>  
>
> Could I use the “DISCARD” word in a check_recipient_access hash: rule? By
> example:
>
>  
>
> %more /etc/postfix/access
>
> [hidden email] permit_mynetworks,DISCARD
>
>  
>
> or should I use use REJECT word. I don’t want to send error reply if someone
> sends mail to [hidden email] from out of my networks
>

use reject. silently discarding mail isn't a good idea. REJECT will
reject the smtp transaction: your postfix won't send anything.

Reply | Threaded
Open this post in threaded view
|

Re: Use discard in a check_recipient_access

Charles Marcus
On 11/4/2008, Lluis Ribes ([hidden email]) wrote:
> If I want to avoid that the spammer wouldn't receive a response like this:
>
> "but it was rejected by the recipient domain. We recommend contacting
> the other email provider for further information about the cause of
> this error. The error that the other server returned was: 554 554
> 5.7.1 <[hidden email]>: Recipient address rejected: Access
> denied (state 14).

He most likely won't, because the sending machine is most likely a
botnet not capable of generating NDRs.

NDRs are not generated by your postfix, but by the original sending MTA...

So, don't worry about it - just use REJECT like mouss suggested...

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

RE: Use discard in a check_recipient_access

Lluis Ribes
OK!

I'm going to configure REJECT,

Thanks a lot

Lluís

-----Mensaje original-----
De: [hidden email] [mailto:[hidden email]] En nombre de Charles Marcus
Enviado el: martes, 04 de noviembre de 2008 15:47
Para: [hidden email]
Asunto: Re: Use discard in a check_recipient_access

On 11/4/2008, Lluis Ribes ([hidden email]) wrote:
> If I want to avoid that the spammer wouldn't receive a response like this:
>
> "but it was rejected by the recipient domain. We recommend contacting
> the other email provider for further information about the cause of
> this error. The error that the other server returned was: 554 554
> 5.7.1 <[hidden email]>: Recipient address rejected: Access
> denied (state 14).

He most likely won't, because the sending machine is most likely a
botnet not capable of generating NDRs.

NDRs are not generated by your postfix, but by the original sending MTA...

So, don't worry about it - just use REJECT like mouss suggested...

--

Best regards,

Charles

Reply | Threaded
Open this post in threaded view
|

Re: Use discard in a check_recipient_access

mouss-2
In reply to this post by Lluis Ribes
Lluis Ribes wrote:
> Why?
>

because:

- mail loss is bad. The RFC recommends against it (search the RFC for
"frivoulously"). ask those of us who keep criticizing hotmail for such
behaviour.

- with a reject at RCPT time, you don't lose your bandwidth and time
reading the message (the connection is rejected before the DATA command).


> If I want to avoid that the spammer wouldn't receive a response like this:

most spam comes with a forged sender, so the spammer won't see anything.
  other spam is sent by ratware that doesn't care about errors (check
your logs and you'll see them retry even after a reject).

spammers don't have much incentive to read bounces or smtp errors. fire
and forget is more efficient (they don't pay for the resources, or they
don't pay enough to care).

and if spammers obey your rejection and stop spamming that address, then
you should really be happy!

>
> "but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <[hidden email]>: Recipient address rejected: Access denied (state 14).
>