| 1 |
Grant wrote: |
| 2 |
>> I'd be careful with non_fqdn_hostname |
| 3 |
> |
| 4 |
> What's wrong with that? Here's how the postfix docs describe it: |
| 5 |
> |
| 6 |
> reject_non_fqdn_helo_hostname (with Postfix < 2.3: |
| 7 |
> reject_non_fqdn_hostname) |
| 8 |
> Reject the request when the HELO or EHLO hostname is not in |
| 9 |
> fully-qualified domain form, as required by the RFC. |
| 10 |
|
| 11 |
Nothing is wrong with it, but that tends to be the one that bounces the |
| 12 |
most mail erroneously at least for me. In a perfect world there would be |
| 13 |
no problem with it, but in reality we have MS 2003 boxes reporting |
| 14 |
themselves as 2003WS-01 without a FQDN when they attempt to relay. |
| 15 |
|
| 16 |
>> > smtpd_sender_restrictions = |
| 17 |
>> > permit_mynetworks, |
| 18 |
>> > reject_non_fqdn_sender, |
| 19 |
>> > reject_unknown_sender_domain, |
| 20 |
>> > permit |
| 21 |
>> > smtpd_recipient_restrictions = |
| 22 |
>> > permit_mynetworks, |
| 23 |
>> > reject_non_fqdn_recipient, |
| 24 |
>> > reject_unknown_recipient_domain, |
| 25 |
>> > reject_unauth_destination, |
| 26 |
>> > permit |
| 27 |
>> |
| 28 |
>> That's pretty much what I run and you might want to look at |
| 29 |
>> smtpd_data_restrictions as well. |
| 30 |
> |
| 31 |
> What do you use with smtpd_data_restrictions? I was considering |
| 32 |
> reject_unauth_pipelining but the docs have me confused with the "Note" |
| 33 |
> below: |
| 34 |
> |
| 35 |
> reject_unauth_pipelining |
| 36 |
> Reject the request when the client sends SMTP commands ahead of time |
| 37 |
> where it is not allowed, or when the client sends SMTP commands ahead |
| 38 |
> of time without knowing that Postfix actually supports ESMTP command |
| 39 |
> pipelining. This stops mail from bulk mail software that improperly |
| 40 |
> uses ESMTP command pipelining in order to speed up deliveries. |
| 41 |
> Note: reject_unauth_pipelining is not useful outside |
| 42 |
> smtpd_data_restrictions when 1) the client uses ESMTP (EHLO instead of |
| 43 |
> HELO) and 2) with "smtpd_delay_reject = yes" (the default). The use of |
| 44 |
> reject_unauth_pipelining in the other restriction contexts is |
| 45 |
> therefore not recommended. |
| 46 |
|
| 47 |
er hmmm, I'm still using Postfix 2.2 which doesn't have all the neat 2.3 |
| 48 |
stuff yet. In 2.2 you'd put pipelining under smtpd recipient |
| 49 |
restrictions, but it appears that would cause some issues in 2.3 though |
| 50 |
just setting it under data restrictions would work fine if I'm reading |
| 51 |
it right. |
| 52 |
|
| 53 |
kashani |
| 54 |
-- |
| 55 |
gentoo-user@g.o mailing list |
Archives