Grant wrote:
>> Greylisting because it doesn't filter anything it merely delays
>> email with a temp 450 error. Real emails retry after an interval
>> and spam does not so it eliminates about 90-95%. Couple with
>> reasonable Postfix checks like making sure the sender domain
>> exists, etc and a mail client with internal filtering. With the
>> above in place I see maybe 1-2 actual spams in my inbox a week and
>> averaging about eight a day in my spam folder.
>>
>> Postgrey is in portage and it'll take you about almost two full
>> minutes to get set up and working. I suggest making the greylist
>> time 30 seconds and the whitelist time 32 days.
>>
>> kashani
>
> That sounds really nice. Would you say sending back a 450 error is
> 100% reliable? Which config option makes postfix check to see if the
> sender domain exists? I can't find it in /etc/postfix/main.cf.
>
|
Nothing is 100% reliable and greylisting is no different. Somewhere
someone is running a mail server that retries every 4 hours instead of
the usual 5 minutes, 15 minutes, 60 minutes that most servers do. Mail
that shows up in 4-8 hours may be no different than if you had dropped
the mail in the first place. Additionally some things like Amazon
newsletters do not retry at all so you'd have to white-list them. And
I've seen two instances where email originates from a different server
each time it retries... which makes no sense at any level and seems
incredibly inefficient.
I'd keep an eye on things the first month you run it, but generally I
have had very few issues over the past two years.
|
You want to look at smtpd_recipient_restrictions. I like the following,
but I would not blindly use them unless you are sure it's the behavior
you really want.
|
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_policy_service inet:127.0.0.1:10030,
    reject_unauth_destination,
    permit
|
kashani
--
gentoo-user@g.o mailing list
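
The greylisting behaviour discussed in this thread, as an added example that is not part of the original message and is not postgrey's own code: an in-memory model using the 30-second delay and 32-day whitelist suggested above, replayed over a normally retrying server and over a sender that uses a different server for each retry. Keying on (client IP, sender, recipient), the `allow` set, and the use of the Postfix policy actions `DUNNO` and `DEFER_IF_PERMIT` are assumptions of this example; all addresses are constructed sample data.

```python
GREYLIST_DELAY = 30          # seconds, as suggested in the message
WHITELIST_TTL = 32 * 86400   # 32 days, as suggested in the message
ACCEPT = "DUNNO"             # Postfix policy action: no objection, keep evaluating
# Postfix turns DEFER_IF_PERMIT into a temporary 450 reply to the client.
DEFER = "DEFER_IF_PERMIT Greylisted, please retry later"


class Greylist:
    """In-memory greylist keyed on (client IP, sender, recipient) (assumed key)."""

    def __init__(self, delay=GREYLIST_DELAY, ttl=WHITELIST_TTL, allow=()):
        self.delay, self.ttl = delay, ttl
        self.allow = set(allow)  # hosts that never retry and must bypass the delay
        self.first_seen = {}     # key -> time of the first deferred attempt
        self.passed = {}         # key -> time of the last accepted attempt

    def check(self, client_ip, sender, recipient, now):
        """Return the policy action for one delivery attempt at time `now`."""
        if client_ip in self.allow:
            return ACCEPT
        key = (client_ip, sender.lower(), recipient.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok > self.ttl:
            # Whitelist entry expired: forget the sender and greylist again.
            self.passed.pop(key)
            self.first_seen.pop(key, None)
            last_ok = None
        if last_ok is not None or now - self.first_seen.setdefault(key, now) >= self.delay:
            self.passed[key] = now   # retried after the delay, or already known
            return ACCEPT
        return DEFER


def replay(attempts, greylist):
    """Feed (time, ip, sender, rcpt) attempts in order; True means accepted."""
    return [greylist.check(ip, s, r, t) == ACCEPT for t, ip, s, r in attempts]


# Constructed sample traffic (documentation IP ranges, example domains).
RCPT = "me@example.net"
NORMAL = [(0, "192.0.2.10", "a@example.org", RCPT), (300, "192.0.2.10", "a@example.org", RCPT)]
ROTATING = [(t, f"198.51.100.{i}", "b@example.com", RCPT) for i, t in enumerate((0, 300, 900), 1)]

if __name__ == "__main__":
    print("normal retry:", replay(NORMAL, Greylist()))
    print("new server per retry:", replay(ROTATING, Greylist()))
    print("allow-listed no-retry host:", replay(ROTATING[:1], Greylist(allow={"198.51.100.1"})))
```

In this model a sender that changes server on every retry never gets past the delay, and a host that does not retry is only accepted once it is in the `allow` set.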