This is an interesting (to me) approach. I've tried to use it, but
get the following:
fatal: open database /etc/postfix/helo_access.db: Inappropriate file
type or format
I admit, all I did was copy and slightly modify the above lines to
see what it would do. :)
run "postmap helo_access" this will output the database (it took me
forever to get that one working.)
> Next I added this to my main.cf
> smtpd_sender_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> permit
> Forcing everything to use a fully qualified domain name helped
> eliminate a ton of spam. The next item I did was the last of the light
> weight stuff, this catches almost everything else:
> smtpd_recipient_restrictions =
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination
> check_sender_access
> hash:/etc/postfix/sender_access,
> check_recipient_access
> hash:/etc/postfix/recipient_access,
> check_helo_access
> hash:/etc/postfix/secondary_mx_access,
> reject_rbl_client list.dsbl.org
> reject_rbl_client sbl-xbl.spamhaus.org,
> permit
>
This is also valuable stuff as well, as there are a few directives
here that I've not seen before. I wanted to ask about the format of
the sender_access, recipient_access, and secondary_mx_access files to
which you refer above. Are these basically whitelists? If so, how do
you format the files?
Yeah these files are simply white/blacklists depending on if you use
OK or REJECT.
my.host.com OK
evil.host.com REJECT You are evil!
--
Dallin Jones
www.dallinjones.com
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
