MrC wrote:
>> Justin Kim wrote:
> ...
>
>> MrC Wrote:
>>> I find that > 45% of the connections :
>>>
>>>    Reject HELO/EHLO 34.84%
>>>    Reject unknown user 12.27%
>>>
>>> can be rejected with cheap checks:
>>>
>>>    reject_unlisted_recipient
>>>    check_helo_access pcre:/etc/postfix/helo_checks.pcre
>>>
>>> before rbl checks. That would be a significant hit reduction of RBL
>>> checks and messages passed to your content filter.
>
>
>> Thanks,
>> My postconf -n |grep reject now shows this:
>>
>> smtpd_data_restrictions = reject_unauth_pipelining
>> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
>> reject_unauth_destination reject_unknown_sender_domain
>> smtpd_reject_unlisted_recipient = yes
>> smtpd_reject_unlisted_sender = yes
>> unknown_local_recipient_reject_code = 550
>>
>> I don't know how to put check_helo_access
>
> This really belongs on the postfix list...
>
> It might be useful to spend some time learning about the various smtpd
> access checks.
>
> http://www.postfix.org/SMTPD_ACCESS_README.html
> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
>
> In this case, we're talking about check_helo_access, which can be placed
> under smtpd_helo_restrictions, or if you have the default
> smtpd_delay_reject = yes, you can place it in
> smtpd_recipient_restrictions or earlier. For example:
>
> main.cf:
>    smtpd_recipient_restrictions =
>       reject_non_fqdn_recipient
>       reject_non_fqdn_sender
>       reject_unlisted_recipient
>       check_recipient_access pcre:/etc/postfix/invalid_recipients.pcre
>       permit_mynetworks
>       reject_unauth_destination
>       ...
>       check_helo_access pcre:/etc/postfix/helo_checks.pcre
>       reject_invalid_helo_hostname
>       check_sender_access hash:/etc/postfix/sender_checks
>       reject_rbl_client zen.spamhaus.org
>       ...
>       permit
>
> And a sample helo_checks.pcre file:
>
> helo_checks.pcre:
>    # Using our domain name...
>    /^mydomain\.com$/ REJECT Hijacked hostname "mikecappella.com"
>
>    # Using our IP address...
>    /^192\.168\.0\.1$/ REJECT Hijacked IP "192.168.0.1"
>
>    # Using "localhost": no good, we're localhost
>    /^localhost$/ REJECT Unacceptable: "localhost"
>    /^localhost\.localdomain$/ REJECT Unacceptable: "localhost.localdomain"
>    /^friend$/ REJECT Unacceptable: "friend"
>    /^computer$/ REJECT Unacceptable: "computer"
>

instead of listing tld's to reject, you can do the opposite:

## does anyone get mail with these TLDs?
#/\.aero$/       dunno
#/\.coop$/       dunno
#/\.family$/     dunno
#/\.jobs$/       dunno
#/\.mobi$/       dunno
#/\.museum$/     dunno
#/\.name$/       dunno
#/\.post$/       dunno
#/\.asia$/       dunno
#/\.travel$/     dunno
# there are some legitimate .info domains
/\.info$/        dunno

# now, reject all tld's with more than 3 chars.
/([^\.]{4,})$/   REJECT unacceptable helo (tld=$1)

you can even list all tld's you want to accept and reject all the rest.

>    !/\./ REJECT Unacceptable: Unqualified hostname
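
Added example, not part of the original thread: a small Python emulation of how a Postfix pcre table is evaluated (rules tried in file order, first match wins, case-insensitive by default), run over a subset of the rules quoted above. The HELO names are constructed, and `parse_table` and `lookup` are hypothetical helper names; flags after the closing slash are assumed to be absent.

```python
import re

# Subset of the rules quoted in the thread, kept in file order.
HELO_CHECKS = r"""
/^localhost$/    REJECT Unacceptable: "localhost"
/^friend$/       REJECT Unacceptable: "friend"
# there are some legitimate .info domains
/\.info$/        dunno
/([^\.]{4,})$/   REJECT unacceptable helo (tld=$1)
!/\./            REJECT Unacceptable: Unqualified hostname
"""

RULE = re.compile(r"^(!?)/(.+)/\s+(\S.*)$")

def parse_table(text):
    """Return [(negated, compiled_pattern, result), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        rules.append((m.group(1) == "!", re.compile(m.group(2), re.I), m.group(3)))
    return rules

def lookup(helo, rules):
    """First matching rule wins; None means 'not found', so Postfix moves on."""
    for negated, pattern, result in rules:
        m = pattern.search(helo)
        if negated:
            if m is None:
                return result  # negated patterns get no $1 substitution
        elif m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), result)
    return None

RULES = parse_table(HELO_CHECKS)

if __name__ == "__main__":
    # Constructed HELO names, not taken from any log.
    for name in ["mail.example.com", "news.example.info", "host.example.museum",
                 "mailhost", "pc", "LOCALHOST"]:
        print(f"{name:22} -> {lookup(name, RULES)}")
```

Note that an unqualified name of four or more characters ("mailhost") is caught by the long-TLD rule before the unqualified-hostname rule is reached, so rule order decides which reject text appears in the log. On a live system, `postmap -q mail.example.com pcre:/etc/postfix/helo_checks.pcre` runs the same lookup against the real file.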