On Mon, May 11, 2015 at 12:09:08PM +0200, Niels Dettenbach wrote:
> > As past long-standing practice, @Gentoo.org system-level mail handling for
> > incoming mail was officially to tag everything, and delete nothing.
> This is - for a public internet Mailer / MX - a VERY bad option - at least
> mail not fulfilling basic email standards should be blocked (as usual by the
> very most professional level mail services), because it could be (used)
> abusive by thirds.
There are people that still accept mail that violates standards?
My above statement is for mail that we ACCEPTED. If it violates
standards, it's already denied at SMTP time.
smtpd_restriction_classes = restrictive,permissive
restrictive =
reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
check_sender_mx_access cidr:/etc/postfix/bogus_mx_records
check_sender_access pcre:/etc/postfix/sender_access_control.pcre
check_sender_access pcre:/etc/postfix/sender_access_control-aliases.pcre
check_helo_access pcre:/etc/postfix/helo_checks
reject_unverified_sender
check_client_access cidr:/etc/postfix/filter.cidr
permit
permissive =
permit
> > Unless there are any major objections, as of May 17th, Infra will start
> > dropping mail that scores more than 10.0 points in Spamassassin.
> >
> > If that is successful, I propose to drop the score point by 1 point every
> > month until it hits a score of 5.0 (so by mid-October, it will be dropping
> > mail that scores more than 5.0).
> This will work (depending form some of your SA setup details and how far you
> use all of the features, channels and possible extensions / third party
> services - i.e. DCC, Razor, Pyzor, "all" the different update channels, Bayes
> - while disabling DNSBLs and doing that still before in your mailer) until
> you
> go down 5.
See my other response, we've got pretty much all of the things going already.
--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : [email protected]
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
