postfix tightening




On Fri, 2005-04-01 at 16:26 -0500, Chris Mauritz wrote:
> Personally, I reject mail from any server with broken DNS.  It's 
> extremely low hanging fruit to avoid a lot of spam from zombie PCs in 
> Asia/Eastern Europe.  You also might want to consider using the various 
> freely available RBL sites to eliminate known naughty hosts/networks.  
> After mail runs this gauntlet, I pass it through CRM114 and have reduced 
> the spam that makes it to my mailbox to a couple of messages a week. 
> 
> Here are the relevant lines from my postfix config:
> 
> maps_rbl_reject_code = 571
> smtpd_helo_required = yes
> smtpd_delay_reject = no
> allow_untrusted_routing = no
> disable_vrfy_command = yes
> #
> maps_rbl_domains =
>         relays.ordb.org,
>         opm.blitzed.org,
>         list.dsbl.org,
>         sbl.spamhaus.org,
>         cbl.abuseat.org,
>         dul.dnsbl.sorbs.net
> 
> smtpd_recipient_restrictions =
>         reject_invalid_hostname,
>         reject_non_fqdn_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         permit_mynetworks,
>         reject_unauth_destination,
>         reject_maps_rbl,
>         permit
> 
> smtpd_data_restrictions =
>         reject_unauth_pipelining,
>         permit
> 
> stale_lock_time = 120
> default_rbl_reply = $rbl_code Service denied; blocked
> 
----
wow - that's a pretty impressive list - curiously, no
smtpd_helo_restrictions but I am gathering that you figure that the
smtpd restrictions would cover that.

Is the above suitable for an office mail server or is this for one
person who is less concerned about fringe stuff that may get rejected?

Craig
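
Postfix evaluates a restriction list in the order written and stops at the first rule that returns a decision, so the position of `permit_mynetworks` decides which checks also apply to an office's own clients. The following is an added example, not part of either message: it parses the quoted `smtpd_recipient_restrictions` and splits it at that point. The function names are hypothetical, and the parser assumes one-word restriction names as in the quoted list.

```python
import re

# Constructed sample: main.cf lines from the quoted message, "> " quoting removed.
MAIN_CF = """\
smtpd_helo_required = yes
#
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        reject_maps_rbl,
        permit
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a continued value
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def restrictions(params, name):
    """Split a restriction list on commas/whitespace, keeping evaluation order."""
    return [r for r in re.split(r"[,\s]+", params.get(name, "")) if r]

def split_at_mynetworks(rules):
    """Rules before permit_mynetworks hit every client; rules after it only outsiders."""
    if "permit_mynetworks" not in rules:
        return rules, []
    i = rules.index("permit_mynetworks")
    return rules[:i], rules[i + 1:]

if __name__ == "__main__":
    p = parse_main_cf(MAIN_CF)
    everyone, outsiders = split_at_mynetworks(restrictions(p, "smtpd_recipient_restrictions"))
    print("applied to all clients, including mynetworks:", everyone)
    print("applied only to clients outside mynetworks:", outsiders)
```

With the quoted list, the six hostname, FQDN and domain checks land in the first group, so internal clients are subject to them as well; only `reject_unauth_destination` and `reject_maps_rbl` are limited to outside hosts.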

