Don't bounce unverified recipients upon 4xx errors.

We don't want to bounce messages for which the recipient(s)' MTA replies
451 due to some greylisting in place.  We would like to accept 451
alone, but unfortunately it's not possible to bounce unverified
recipients due to DNS or networking errors.

1 files changed, 1 insertions, 0 deletions

diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 968e977..333e72e 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -51,40 +51,41 @@ smtp_tls_security_level         = may
 smtp_tls_note_starttls_offer    = yes
 smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
 
 relay_clientcerts               = cdb:$config_directory/relay_clientcerts
 smtpd_tls_security_level        = may
 smtpd_tls_exclude_ciphers       = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
 smtpd_tls_cert_file             = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
 smtpd_tls_key_file              = /etc/postfix/ssl/{{ ansible_fqdn }}.key
 smtpd_tls_dh1024_param_file     = /etc/ssl/private/dhparams.pem
 smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
 smtpd_tls_received_header       = yes
 smtpd_tls_ask_ccert             = yes
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_fingerprint_digest    = sha256
 
 
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
+unverified_recipient_defer_code  = 250
 unverified_recipient_reject_code = 550
 
 smtpd_client_restrictions =
     permit_mynetworks
     permit_tls_clientcerts
     # We are the only ones using this proxy, but if things go wrong we
     # want to know why
     defer
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
 
 smtpd_relay_restrictions =
     permit_mynetworks
     permit_tls_clientcerts
     reject