| 1 |
Grant wrote: |
| 2 |
>> Greylisting because it doesn't filter anything it merely delays |
| 3 |
>> email with a temp 450 error. Real emails retry after an interval |
| 4 |
>> and spam does not so it eliminates about 90-95%. Couple with |
| 5 |
>> reasonable Postfix checks like making sure the sender domain |
| 6 |
>> exists, etc and a mail client with internal filtering. With the |
| 7 |
>> above in place I see maybe 1-2 actual spams in my inbox a week and |
| 8 |
>> averaging about eight a day in my spam folder. |
| 9 |
>> |
| 10 |
>> Postgrey is in portage and it'll take you about almost two full |
| 11 |
>> minutes to get setup and working. I suggest making the the greylist |
| 12 |
>> time 30 seconds and the whitelist time 32 days. |
| 13 |
>> |
| 14 |
>> kashani |
| 15 |
> |
| 16 |
> That sounds really nice. Would you say sending back a 450 error is |
| 17 |
> 100% reliable? Which config option makes postfix check to see if the |
| 18 |
> sender domain exists. I can't find it in /etc/postfix/main.cf. |
| 19 |
> |
| 20 |
|
| 21 |
Nothing is 100% reliable and greylisting is no different. Somewhere |
| 22 |
someone is running a mail server that retries every 4 hours instead of |
| 23 |
the usual 5 minutes, 15 minutes, 60 minutes that most servers do. Mail |
| 24 |
that shows up in 4-8 hours may be no different that if you have dropped |
| 25 |
the mail in the first place. Additionally some things like Amazon |
| 26 |
newsletters do not retry at all so you'd have to white-list them. And |
| 27 |
I've seen two instances where email originates from a different server |
| 28 |
each time it retires... which makes no sense at any level and seems |
| 29 |
incredibly in efficient. |
| 30 |
I'd keep an eye on things the first month you run it, but generally I |
| 31 |
have had very few issues over the past two years. |
| 32 |
|
| 33 |
You want to look at smptd_recipient_restrictions. I like the following, |
| 34 |
but I would not blindly use them unless you are sure it's the behavior |
| 35 |
you really want. |
| 36 |
|
| 37 |
smtpd_recipient_restrictions = |
| 38 |
reject_invalid_hostname, |
| 39 |
reject_non_fqdn_recipient, |
| 40 |
reject_non_fqdn_sender, |
| 41 |
reject_unknown_sender_domain, |
| 42 |
reject_unknown_recipient_domain, |
| 43 |
reject_unauth_pipelining, |
| 44 |
permit_mynetworks, |
| 45 |
permit_sasl_authenticated, |
| 46 |
check_policy_service inet:127.0.0.1:10030, |
| 47 |
reject_unauth_destination, |
| 48 |
permit |
| 49 |
|
| 50 |
kashani |
| 51 |
-- |
| 52 |
gentoo-user@g.o mailing list |
Archives