1 |
Grant wrote: |
2 |
>> I'd be careful with non_fqdn_hostname |
3 |
> |
4 |
> What's wrong with that? Here's how the postfix docs describe it: |
5 |
> |
6 |
> reject_non_fqdn_helo_hostname (with Postfix < 2.3: |
7 |
> reject_non_fqdn_hostname) |
8 |
> Reject the request when the HELO or EHLO hostname is not in |
9 |
> fully-qualified domain form, as required by the RFC. |
10 |
|
11 |
Nothing is wrong with it, but that tends to be the one that bounces the |
12 |
most mail erroneously at least for me. In a perfect world there would be |
13 |
no problem with it, but in reality we have MS 2003 boxes reporting |
14 |
themselves as 2003WS-01 without a FQDN when they attempt to relay. |
15 |
|
16 |
>> > smtpd_sender_restrictions = |
17 |
>> > permit_mynetworks, |
18 |
>> > reject_non_fqdn_sender, |
19 |
>> > reject_unknown_sender_domain, |
20 |
>> > permit |
21 |
>> > smtpd_recipient_restrictions = |
22 |
>> > permit_mynetworks, |
23 |
>> > reject_non_fqdn_recipient, |
24 |
>> > reject_unknown_recipient_domain, |
25 |
>> > reject_unauth_destination, |
26 |
>> > permit |
27 |
>> |
28 |
>> That's pretty much what I run and you might want to look at |
29 |
>> smtpd_data_restrictions as well. |
30 |
> |
31 |
> What do you use with smtpd_data_restrictions? I was considering |
32 |
> reject_unauth_pipelining but the docs have me confused with the "Note" |
33 |
> below: |
34 |
> |
35 |
> reject_unauth_pipelining |
36 |
> Reject the request when the client sends SMTP commands ahead of time |
37 |
> where it is not allowed, or when the client sends SMTP commands ahead |
38 |
> of time without knowing that Postfix actually supports ESMTP command |
39 |
> pipelining. This stops mail from bulk mail software that improperly |
40 |
> uses ESMTP command pipelining in order to speed up deliveries. |
41 |
> Note: reject_unauth_pipelining is not useful outside |
42 |
> smtpd_data_restrictions when 1) the client uses ESMTP (EHLO instead of |
43 |
> HELO) and 2) with "smtpd_delay_reject = yes" (the default). The use of |
44 |
> reject_unauth_pipelining in the other restriction contexts is |
45 |
> therefore not recommended. |
46 |
|
47 |
er hmmm, I'm still using Postfix 2.2 which doesn't have all the neat 2.3 |
48 |
stuff yet. In 2.2 you'd put pipelining under smtpd recipient |
49 |
restrictions, but it appears that would cause some issues in 2.3 though |
50 |
just setting it under data restrictions would work fine if I'm reading |
51 |
it right. |
52 |
|
53 |
kashani |
54 |
-- |
55 |
gentoo-user@g.o mailing list |