> > Do you think this postfix anti-spam configuration is OK:
> >
> > smtpd_delay_reject = yes
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions =
> >     permit_mynetworks,
> >     reject_non_fqdn_hostname,
> >     reject_invalid_hostname,
> >     permit
>
> I'd be careful with non_fqdn_hostname

What's wrong with that? Here's how the postfix docs describe it:

reject_non_fqdn_helo_hostname (with Postfix < 2.3: reject_non_fqdn_hostname)
Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC.
|
> > smtpd_sender_restrictions =
> >     permit_mynetworks,
> >     reject_non_fqdn_sender,
> >     reject_unknown_sender_domain,
> >     permit
> > smtpd_recipient_restrictions =
> >     permit_mynetworks,
> >     reject_non_fqdn_recipient,
> >     reject_unknown_recipient_domain,
> >     reject_unauth_destination,
> >     permit
>
> That's pretty much what I run and you might want to look at
> smtpd_data_restrictions as well.

What do you use with smtpd_data_restrictions? I was considering
reject_unauth_pipelining but the docs have me confused with the "Note"
below:

reject_unauth_pipelining
Reject the request when the client sends SMTP commands ahead of time
where it is not allowed, or when the client sends SMTP commands ahead
of time without knowing that Postfix actually supports ESMTP command
pipelining. This stops mail from bulk mail software that improperly
uses ESMTP command pipelining in order to speed up deliveries.
Note: reject_unauth_pipelining is not useful outside
smtpd_data_restrictions when 1) the client uses ESMTP (EHLO instead of
HELO) and 2) with "smtpd_delay_reject = yes" (the default). The use of
reject_unauth_pipelining in the other restriction contexts is
therefore not recommended.
|
> > Would it be OK to remove the following aliases since I never use them:
>
> It's good form to keep them on your server and compile with the relevant
> RFC which specifies these.

Those aliases must be bringing in some spam though.

- Grant
--
gentoo-user@g.o mailing list
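
Added example (not part of the original message and not Postfix source code): a simplified Python model of the two conditions in the reject_unauth_pipelining description quoted above, using the RFC 2920 rule that certain commands must be last in a pipelined group. The function names, the "burst" representation and the sample sessions are constructed for illustration, and the server is assumed to advertise PIPELINING in its EHLO reply.

```python
# Added illustration, not Postfix source: a simplified model of the two
# conditions in the reject_unauth_pipelining description quoted above.

# RFC 2920: the reply to these commands changes session state, so each may
# only be the LAST command in a group sent without waiting for replies.
MUST_BE_LAST = {"HELO", "EHLO", "DATA", "VRFY", "EXPN", "TURN", "QUIT", "NOOP"}


def verb(line):
    """Return the upper-cased SMTP verb of a line ('' for a blank line)."""
    parts = line.split()
    return parts[0].upper() if parts else ""


def pipelining_violations(bursts):
    """bursts: list of lists; each inner list holds the lines the client
    wrote in one go, before reading any reply to them.
    Assumption: the server advertises PIPELINING in its EHLO reply.
    Returns a list of (burst_index, reason) tuples."""
    findings, esmtp, in_body = [], False, False
    for i, burst in enumerate(bursts):
        if in_body:  # message content sent after the 354 reply, not commands
            in_body = "." not in burst
            continue
        verbs = [verb(line) for line in burst]
        if len(verbs) > 1 and not esmtp:
            # The client cannot know that pipelining is supported.
            findings.append((i, "pipelined without a prior EHLO"))
        else:
            # Input was sent ahead where the reply had to be awaited first.
            findings += [(i, v + " was not last in its group")
                         for v in verbs[:-1] if v in MUST_BE_LAST]
        if "EHLO" in verbs or "HELO" in verbs:
            esmtp = "EHLO" in verbs
        in_body = bool(verbs) and verbs[-1] == "DATA"
    return findings


# Constructed sample sessions; the example.* names are placeholders.
ENVELOPE = ["MAIL FROM:<a@example.com>", "RCPT TO:<b@example.net>", "DATA"]
BODY = ["Subject: hi", "", "hello", "."]
POLITE = [["EHLO mail.example.com"], ENVELOPE, BODY, ["QUIT"]]
HELO_BLAST = [["HELO mail.example.com"], ENVELOPE, BODY]
DATA_AHEAD = [["EHLO mail.example.com"], ENVELOPE + BODY]

if __name__ == "__main__":
    for name in ("POLITE", "HELO_BLAST", "DATA_AHEAD"):
        print(name, pipelining_violations(globals()[name]))
```

POLITE pipelines MAIL/RCPT/DATA after EHLO and waits before sending the body, so it is clean; the other two sessions each produce one finding.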