From 45743fcc30ad310da0ef306d6319face3604ac4d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 15 May 2017 23:31:13 +0200
Subject: Use blackhole subdomain for sender addresses of verify probes.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These addresses need to be accepted on the MX:es, as recipients
sometimes phone back during the SMTP session to check whether the sender
exists.

Since a time-dependent suffix is added to the local part (cf.
http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's
not enough to drop incoming mails to ‘double-bounce@fripost.org’, and
it's impractical to do the same for /^double-bounce.*@fripost\.org$/.
---
 roles/MSA/templates/etc/postfix/main.cf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/MSA/templates')

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index cbd5264..f5f0834 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -80,7 +80,7 @@ strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
-address_verify_sender            = $double_bounce_sender@$mydomain
+address_verify_sender            = $double_bounce_sender@noreply.$mydomain
 address_verify_sender_ttl        = 24h
 unverified_recipient_defer_code  = 250
 unverified_recipient_reject_code = 550
-- 
cgit v1.2.3