1 |
On 12/03/2011 08:59 PM, Pandu Poluan wrote: |
2 |
> |
3 |
> |
4 |
> This is new information to me. If you're subscribed to Gentoo-server, |
5 |
> you'll know that I am in the process of setting up a mailfiltering |
6 |
> gateway for my company. |
7 |
> |
8 |
> Any resources on this "postscreen" facility? sounds like a very nice |
9 |
> thing to implement. |
10 |
> |
11 |
> Rgds, |
12 |
> |
13 |
|
14 |
Postscreen is just part of Postfix; it's a separate daemon added in the |
15 |
latest version. |
16 |
|
17 |
This is the official README: |
18 |
|
19 |
http://www.postfix.org/POSTSCREEN_README.html |
20 |
|
21 |
and the configuration parameters are documented in the usual place: |
22 |
|
23 |
http://www.postfix.org/postconf.5.html |
24 |
|
25 |
|
26 |
Here's the entirety of my main.cf postscreen section for reference. I've |
27 |
deemed these safe, but you shouldn't enable them without reading what |
28 |
they do! |
29 |
|
30 |
|
31 |
# |
32 |
# Postscreen settings |
33 |
# |
34 |
|
35 |
postscreen_greet_action = enforce |
36 |
|
37 |
postscreen_dnsbl_sites = |
38 |
psbl.surriel.com, |
39 |
bl.spamcop.net, |
40 |
zen.spamhaus.org, |
41 |
b.barracudacentral.org |
42 |
|
43 |
postscreen_dnsbl_threshold = 1 |
44 |
postscreen_dnsbl_action = enforce |
45 |
|
46 |
|
47 |
## |
48 |
## Deep protocol tests |
49 |
## |
50 |
|
51 |
postscreen_pipelining_enable = yes |
52 |
postscreen_pipelining_action = enforce |
53 |
|
54 |
postscreen_non_smtp_command_enable = yes |
55 |
postscreen_non_smtp_command_action = enforce |
56 |
|
57 |
postscreen_bare_newline_enable = yes |
58 |
postscreen_bare_newline_action = enforce |