On Mon, Jun 1, 2015 at 12:58 PM, Elijah Savage <[email protected]>
wrote:
> Again thanks for all the great recommendations, I now have a few ways of
> trying to combat this if my plan doesn't work.
>
> I have a utilized my spam filtering agent combined with a no rDNS rule and
> increased the score of that rule.
>
> If this along with DNSRBL doesn't work then I will give some of the others
> a try.
This is expanding a bit on Elijah's OP, but here are my current
restrictions that I've been running for a while:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
permit_dnswl_client list.dnswl.org=127.0.[2..14].[2..3],
reject_invalid_helo_hostname,
warn_if_reject reject_unknown_helo_hostname,
warn_if_reject reject_non_fqdn_helo_hostname,
reject_unknown_reverse_client_hostname,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
check_helo_access hash:/etc/postfix/helo_access,
check_sender_access hash:/etc/postfix/sender_access,
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_client dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
Sanity checks welcome. :)
SteveJ
