Hi all,
Just a question about spam prevention and resource optimalisation.
What is the best way to go. I have this as spam prevention at the moment.
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_invalid_hostname,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_unlisted_recipient,
check_policy_service inet:127.0.0.1:60000,
permit
This mean that there are a number of tests before the actual recipient
address is tested, would it not be better to place the
reject_unlisted_recipient very early in the chain? Or am I wrong here. In
placing the reject_unlisted_recipient earlier in the chain would I not make
it easier for dictionary attacks to succeed? The check_policy_server is the
postgrey implementation of http://postgrey.schweikert.ch/
I added the reject_unlisted_recipient before the postgrey policy test
because I noticed unknown recipients being passed to the postgrey policy
test.
Any comments would be welcome.
--
Simple things make people happy.
Willy De la Court
PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
