Don't bounce unverified recipients upon 4xx errors.

We don't want to bounce messages for which the recipient(s)' MTA replies
451 due to some greylisting in place.  We would like to accept 451
alone, but unfortunately it's not possible to bounce unverified
recipients due to DNS or networking errors.

1 files changed, 1 insertions, 2 deletions

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 331753a..068a225 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -81,42 +81,41 @@ smtpd_tls_dh1024_param_file     = /etc/ssl/private/dhparams.pem
 smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
 smtpd_tls_received_header       = yes
 smtpd_tls_ask_ccert             = yes
 
 # SASL
 smtpd_sasl_auth_enable          = yes
 smtpd_sasl_authenticated_header = no
 smtpd_sasl_local_domain         =
 smtpd_sasl_exceptions_networks  = $mynetworks
 smtpd_sasl_security_options     = noanonymous, noplaintext
 smtpd_sasl_tls_security_options = noanonymous
 broken_sasl_auth_clients        = yes
 smtpd_sasl_type                 = dovecot
 smtpd_sasl_path                 = unix:private/dovecot-auth
 
 
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
-# UCE control
-unknown_client_reject_code       = 554
+unverified_recipient_defer_code  = 250
 unverified_recipient_reject_code = 550
 
 smtpd_client_restrictions =
     permit_sasl_authenticated
     reject
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_relay_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject
 
 smtpd_recipient_restrictions =