> This really belongs on the postfix list... > > It might be useful to spend some time learning about the various smtpd > access checks. > > http://www.postfix.org/SMTPD_ACCESS_README.html > http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions > > In this case, we're talking about check_helo_access, which can be placed > under smtpd_helo_restrictions, or if you have the default > smtpd_delay_reject = yes, you can place it in > smtpd_recipient_restrictions or earlier. For example: > > main.cf: > smtpd_recipient_restrictions = > reject_non_fqdn_recipient > reject_non_fqdn_sender > reject_unlisted_recipient > check_recipient_access pcre:/etc/postfix/invalid_recipients.pcre > permit_mynetworks > reject_unauth_destination > ... > check_helo_access pcre:/etc/postfix/helo_checks.pcre > reject_invalid_helo_hostname > check_sender_access hash:/etc/postfix/sender_checks > reject_rbl_client zen.spamhaus.org > ... > permit > > And a sample helo_checks.pcre file: > > helo_checks.pcre: > # Using our domain name... > /^mydomain\.com$/ REJECT Hijacked hostname "mikecappella.com" > > # Using our IP address... > /^192\.168\.0\.1$/ REJECT Hijacked IP "192.168.0.1" > > # Using "localhost": no good, we're localhost > /^localhost$/ REJECT Unacceptable: "localhost" > /^localhost\.localdomain$/ REJECT Unacceptable: > "localhost.localdomain" > /^friend$/ REJECT Unacceptable: "friend" > /^computer$/ REJECT Unacceptable: "computer" > > !/\./ REJECT Unacceptable: Unqualified hostname > > > > Do I need to create any separate file for helo_checks.pcre? And do the > > postmap after? > > Yes, you need to create the file. I use pcre tables - your postfix may > not include this table type. Check postconf -m. If it does not, use > another table type and modify the expressions above to work for your > installation. Pcre and regexp tables do not require postmap: db tables > do, so it depends on what lookup table type you use. > > > > How do I do this? I am really a beginner. Sorry. > > Help me more. > > Thanks, > > > > Justin > > > > > > There are many discussions on the postfix list about various access > checks. For example: > > http://groups.google.com/group/list.postfix.users/browse_thread/th
Thank you again. Some people suggested to have smtpd_timeout = 60s (300s is default) and have smtpd_error_sleep = 0 and even smtpd_delay_reject = no And reject_non_fqdn recipient and sender : would normal users have all fqdn? Does this mean that all non-spammer users using their own ISP have this? I am just worried that I would accidentally reject my valid users who doesn't have proper fqdn. I will make that helo_checks.pcre file since my postconf -m shows that I have pcre and regexp. Thank you for your lessons. Justin ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
