MrC wrote:
>> Justin Kim wrote:
> ...
>  >> MrC Wrote:
>>> I find that > 45% of the connections :
>>>
>>>     Reject HELO/EHLO                          34.84%
>>>     Reject unknown user                       12.27%
>>>
>>> can be rejected with cheap checks:
>>>
>>>      reject_unlisted_recipient
>>>      check_helo_access pcre:/etc/postfix/helo_checks.pcre
>>>
>>> before rbl checks.  That would be a significant hit reduction of RBL
>>> checks and messages passed to your content filter.
> 
> 
>> Thanks,
>> My postconf -n |grep reject now shows this:
>>
>> smtpd_data_restrictions = reject_unauth_pipelining
>> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
>> reject_unauth_destination reject_unknown_sender_domain
>> smtpd_reject_unlisted_recipient = yes
>> smtpd_reject_unlisted_sender = yes
>> unknown_local_recipient_reject_code = 550
>>
>> I don't know how to put check_helo_access
> 
> This really belongs on the postfix list...
> 
> It might be useful to spend some time learning about the various smtpd 
> access checks.
> 
> http://www.postfix.org/SMTPD_ACCESS_README.html
> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
> 
> In this case, we're talking about check_helo_access, which can be placed 
> under smtpd_helo_restrictions, or if you have the default 
> smtpd_delay_reject = yes, you can place it in 
> smtpd_recipient_restrictions or earlier.  For example:
> 
> main.cf:
>     smtpd_recipient_restrictions =
>         reject_non_fqdn_recipient
>         reject_non_fqdn_sender
>         reject_unlisted_recipient
>         check_recipient_access pcre:/etc/postfix/invalid_recipients.pcre
>         permit_mynetworks
>         reject_unauth_destination
>         ...
>         check_helo_access pcre:/etc/postfix/helo_checks.pcre
>         reject_invalid_helo_hostname
>         check_sender_access hash:/etc/postfix/sender_checks
>         reject_rbl_client zen.spamhaus.org
>         ...
>         permit
> 
> And a sample helo_checks.pcre file:
> 
> helo_checks.pcre:
>     # Using our domain name...
>     /^mydomain\.com$/     REJECT Hijacked hostname "mikecappella.com"
> 
>     # Using our IP address...
>     /^192\.168\.0\.1$/    REJECT Hijacked IP "192.168.0.1"
> 
>     # Using "localhost":  no good, we're localhost
>     /^localhost$/         REJECT Unacceptable: "localhost"
>     /^localhost\.localdomain$/  REJECT Unacceptable: "localhost.localdomain"
>     /^friend$/            REJECT Unacceptable: "friend"
>     /^computer$/          REJECT Unacceptable: "computer"
>

instead of listing tld's to reject, you can do the opposite:

## does anyone get mail with these TLDs?
#/\.aero$/      dunno
#/\.coop$/      dunno
#/\.family$/    dunno
#/\.jobs$/      dunno
#/\.mobi$/      dunno
#/\.museum$/    dunno
#/\.name$/      dunno
#/\.post$/      dunno
#/\.asia$/      dunno
#/\.travel$/    dunno

# there are some legitimate .info domains
/\.info$/       dunno

# now, reject all tld's with more than 3 chars.
/([^\.]{4,})$/  REJECT unacceptable helo (tld=$1)


you can even list all tld's you want to accept and reject all the rest.

>     !/\./                 REJECT Unacceptable: Unqualified hostname



_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
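
The helo_checks.pcre rules discussed in this thread, modelled as an added example (not code from the thread or from Postfix) so their first-match-wins behaviour can be checked against sample HELO names before deployment. Assumptions: the order in which the two posters' rules are merged, the constructed example.* and 203.0.113.x names, and Python's `re` standing in for PCRE.

```python
import re

# Rules from the thread in one file; the first matching line wins.
# Assumption: this merge order (the thread does not show a combined file).
HELO_CHECKS = r"""
/^mydomain\.com$/     REJECT Hijacked hostname
/^192\.168\.0\.1$/    REJECT Hijacked IP "192.168.0.1"
/^localhost$/         REJECT Unacceptable: "localhost"
!/\./                 REJECT Unacceptable: Unqualified hostname
/\.info$/             dunno
/([^\.]{4,})$/        REJECT unacceptable helo (tld=$1)
"""

RULE = re.compile(r"^(!?)/(.+?)/\s+(.+)$")

def parse_table(text):
    """Parse '/regex/ action' and negated '!/regex/ action' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        negated, pattern, action = RULE.match(line).groups()
        # Postfix pcre tables match case-insensitively by default.
        rules.append((negated == "!", re.compile(pattern, re.I), action))
    return rules

def lookup(rules, helo):
    """Return the first matching rule's action, or None if nothing matches."""
    for negated, rx, action in rules:
        m = rx.search(helo)
        if negated and m is None:
            return action
        if not negated and m:
            # $1 is replaced by the first capture group, if the rule has one.
            return action.replace("$1", m.group(1)) if rx.groups else action
    return None

RULES = parse_table(HELO_CHECKS)

# Constructed HELO names. Note the address literal with a three-digit last
# octet: "200]" is four non-dot characters, so the length rule rejects it.
SAMPLES = ["mail.example.com", "MX1.EXAMPLE.INFO", "host.example.online",
           "friend", "[203.0.113.200]", "[203.0.113.20]"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:22} -> {lookup(RULES, name)}")
```

Against the real file, `postmap -q "host.example.online" pcre:/etc/postfix/helo_checks.pcre` runs the same query through Postfix itself.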
