Am 26.11.2010 19:48, schrieb Mike Fedyk:
> On Tue, Nov 16, 2010 at 11:49 AM, Rob Kampen <rkampen@xxxxxxxxxxxxxxxxx> wrote:
>> Hi list,
>> I have noted over the last week or so my DNS servers are dumping lots of
>> messages for bogus domain lookups. Examining the postfix queue with
>> postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake@xxxxxxxxxxxxxxxxxxxxxxx
>> My question - why does this stay in the message queue - why not dumped back
>> with message undeliverable or dropped?
>> I understand this is probably related to my config - which follows:
>> <main.cf>
>
>
> Here's what you want (copied from my config):
Not really - because the shown part of the Postfix config is doubtful.
> maps_rbl_reject_code = 450
> non_fqdn_reject_code = 450
Why a temporary DSN? You want those to come back again and again and
again ...?
> smtpd_delay_reject = yes
Running the default of a delayed reject, why then splitting up the
smtpd_*_restrictions causing plenty of tests to be run more than 1 time?
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions =
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_invalid_hostname
> reject_non_fqdn_hostname
Can lead to a lot of rejects for legitimate senders.
> reject_unknown_helo_hostname
> permit
>
> smtpd_sender_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
Again in smptd_recipient_restrictions.
> reject_unknown_recipient_domain
Again in smptd_recipient_restrictions.
> reject_unknown_sender_domain
> permit
>
> smtpd_client_restrictions =
> # sleep 1
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_unknown_client_hostname
> permit
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> #fully automated RBLs
Much too much RBLs, really.
> reject_rbl_client truncate.gbudb.net
> reject_rbl_client dnsbl.proxybl.org
> reject_rbl_client psbl.surriel.com
> reject_rbl_client db.wpbl.info
> reject_rbl_client bl.spamcop.net
spamcop can be too aggressive.
> # reject_rbl_client bl.spamcannibal.org #blocked charles
> reject_rbl_client intercept.datapacket.net
> reject_rbl_client spamtrap.drbl.drand.net
> # reject_rbl_client dnsbl.ahbl.org #blocked godaddy
> reject_rbl_client dnsbl-1.uceprotect.net
> reject_rbl_client bhnc.njabl.org
> reject_rbl_client dnsbl.njabl.org
> #larder RBLs with some non-automation and larger ranges of IPs
> # reject_rbl_client dnsbl.sorbs.net #(blocked fedora)
> # reject_rbl_client dnsbl-2.uceprotect.net
> reject_rbl_client dnsbl-3.uceprotect.net
> reject_rbl_client zen.spamhaus.org
> # reject_rbl_client
> # reject_rbl_client dnsbl-2.uceprotect.net,
> # check_policy_service unix:private/spfpolicy
> # check_policy_service inet:127.0.0.1:10023
> permit
>
> strict_rfc821_envelopes = yes
> smtpd_reject_unlisted_sender = yes
Alexander
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
