On Tue, Mar 10, 2009 at 11:59:22AM -0400, Linux Addict wrote:

> Dear Group, I am modifying my recipient restrictions to those displayed
> below. I referred to many documents to compile the options. I want you
> experts to verify it once for me.
> 
> smtpd_recipient_restrictions =
>  reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,

This is mostly for hosts that handle "submission" from MUAs. Often best to
move submission to port 587 and apply only there. You'll reject bogus
domains from untrusted senders anyway.

> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_unlisted_recipient,
> reject_invalid_hostname,
> reject_invalid_helo_hostname

The two above are the same.

> reject_non_fqdn_helo_hostname

Why so much emphasis on HELO names? They are not a very effective
spam sign.

> reject_unauth_pipelining,

Currently best in smtpd_data_restrictions, where it is effective after
EHLO, as during RCPT TO, additional RCPT TO commands or the "DATA"
command can be legitimately "PIPELINED" in the same packet.

> reject_unknown_reverse_client_hostname
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
> permit

Fairly sensible overall.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
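
An added example, not part of the original message or of Postfix: a small Python lint that applies two of the review points above to a restriction list, namely the duplicated HELO check and the placement of `reject_unauth_pipelining`. The function names and `SAMPLE` (rebuilt from the list quoted in the post) are constructed here; the alias table follows the pre-2.3 names documented in postconf(5).

```python
import re

# Pre-2.3 restriction names and their current equivalents (postconf(5)).
ALIASES = {
    "reject_invalid_hostname": "reject_invalid_helo_hostname",
    "reject_non_fqdn_hostname": "reject_non_fqdn_helo_hostname",
    "reject_unknown_hostname": "reject_unknown_helo_hostname",
    "reject_unknown_client": "reject_unknown_client_hostname",
}
# Restrictions that consume the next token as an argument (subset, for this example).
TAKES_ARG = {"reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender",
             "check_client_access", "check_sender_access", "check_policy_service"}

def parse(value):
    """Split on commas or whitespace (Postfix accepts both); keep arguments attached."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        name = tokens[i]
        if name in TAKES_ARG and i + 1 < len(tokens):
            items.append((name, tokens[i + 1]))
            i += 2
        else:
            items.append((name, None))
            i += 1
    return items

def lint(param, value):
    """Return findings for duplicate (aliased) entries and misplaced pipelining checks."""
    findings, seen = [], {}
    for name, arg in parse(value):
        canon = (ALIASES.get(name, name), arg)
        if canon in seen:
            findings.append(f"{name} duplicates {seen[canon]}")
        else:
            seen[canon] = name
        if name == "reject_unauth_pipelining" and param != "smtpd_data_restrictions":
            findings.append(f"{name} in {param}: move to smtpd_data_restrictions")
    return findings

# Constructed sample: the restriction list quoted in the post, separators as posted.
SAMPLE = """reject_non_fqdn_sender, reject_non_fqdn_recipient,
 reject_unknown_sender_domain, reject_unknown_recipient_domain,
 permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
 reject_unlisted_recipient, reject_invalid_hostname, reject_invalid_helo_hostname
 reject_non_fqdn_helo_hostname reject_unauth_pipelining,
 reject_unknown_reverse_client_hostname reject_rbl_client zen.spamhaus.org,
 reject_rbl_client bl.spamcop.net, permit"""

if __name__ == "__main__":
    print("\n".join(lint("smtpd_recipient_restrictions", SAMPLE)))
```

The two `reject_rbl_client` entries are not reported as duplicates because their arguments differ.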