On 12/08/2010 08:07 PM, Stan Hoeppner wrote: > As a general rule for smtpd_foo_restrictions: > > 1. inbuilt Postfix checks are fastest (eg. reject_non_fqdn_sender) > 2. local table lookups are 2nd fastest (eg. hash, cidr, pcre) > 3. policy servers can be fast or not so fast, depending on what they do > 4. dnsbl lookups require a remote network query--typically slowest putting each item on a line by itself, even with the comma at the end causes postfix to give errors on reloading. here is what it looks like now: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre check_client_access cidr:/etc/postfix/china.cidr, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org
> > >> >> check_client_access pcre:/etc/postfix/fqrdns.pcre no longer need that.. > >> >> instead. > > > > > > ah, yup, Debian Lenny, running > > > ii postfix 2.5.5-1.1 > Postfix 2.7.1 is available in Debian Backports. I just installed it a > week or so ago and it works great so far, and enables the better/extra > parameters. You should upgrade. Follow the instructions here: > > http://www.backports.org/dokuwiki/doku.php?id=instructions > and now I have: # dpkg --list|grep postfix ii postfix 2.7.1-1~bpo50+1 High-performance mail transport agent ii postfix-mysql 2.7.1-1~bpo50+1 MySQL map support for Postfix ii postfix-pcre 2.7.1-1~bpo50+1 PCRE map support for Postfix -- Paul Cartwright Registered Linux user # 367800
