Grant wrote:
I'd be careful with non_fqdn_hostname

What's wrong with that? Here's how the Postfix docs describe it:

reject_non_fqdn_helo_hostname (with Postfix < 2.3: reject_non_fqdn_hostname)
Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC.

Nothing is wrong with it, but that tends to be the one that bounces the most mail erroneously, at least for me. In a perfect world there would be no problem with it, but in reality we have MS 2003 boxes reporting themselves as 2003WS-01 without a FQDN when they attempt to relay.

> smtpd_sender_restrictions =
>        permit_mynetworks,
>        reject_non_fqdn_sender,
>        reject_unknown_sender_domain,
>        permit
> smtpd_recipient_restrictions =
>        permit_mynetworks,
>        reject_non_fqdn_recipient,
>        reject_unknown_recipient_domain,
>        reject_unauth_destination,
>        permit

That's pretty much what I run and you might want to look at
smtpd_data_restrictions as well.

What do you use with smtpd_data_restrictions?  I was considering
reject_unauth_pipelining but the docs have me confused with the "Note"
below:

reject_unauth_pipelining
Reject the request when the client sends SMTP commands ahead of time
where it is not allowed, or when the client sends SMTP commands ahead
of time without knowing that Postfix actually supports ESMTP command
pipelining. This stops mail from bulk mail software that improperly
uses ESMTP command pipelining in order to speed up deliveries.
Note: reject_unauth_pipelining is not useful outside
smtpd_data_restrictions when 1) the client uses ESMTP (EHLO instead of
HELO) and 2) with "smtpd_delay_reject = yes" (the default). The use of
reject_unauth_pipelining in the other restriction contexts is
therefore not recommended.

Er, hmmm, I'm still using Postfix 2.2, which doesn't have all the neat 2.3 stuff yet. In 2.2 you'd put pipelining under smtpd recipient restrictions, but it appears that would cause some issues in 2.3, though just setting it under data restrictions would work fine if I'm reading it right.

kashani
--
gentoo-user@gentoo.org mailing list
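
Added example, not part of the original thread: one way to measure the false-positive risk described above is to prefix the HELO restriction with Postfix's warn_if_reject, which logs "reject_warning" instead of refusing the mail, and then tally which HELO names and client IPs would have been bounced. The log lines are constructed samples, the function names are hypothetical, and 192.0.2.0/24 is an assumed stand-in for the site's own relay clients.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (not real traffic).
# Postfix logs "reject_warning" instead of "reject" when the restriction
# is prefixed with warn_if_reject, so nothing is actually refused.
SAMPLE_LOG = """\
Jan 12 10:15:01 mail postfix/smtpd[1234]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 <2003WS-01>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<2003WS-01>
Jan 12 10:16:12 mail postfix/smtpd[1236]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <2003WS-01>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<c@example.org> proto=ESMTP helo=<2003WS-01>
Jan 12 10:17:40 mail postfix/smtpd[1240]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.23]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<x@example.net> to=<b@example.org> proto=SMTP helo=<localhost>
Jan 12 10:18:02 mail postfix/smtpd[1241]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <d@example.net>: Relay access denied; from=<s@example.com> to=<d@example.net> proto=SMTP helo=<mail.example.com>
"""

# The enhanced status code (5.5.2) is optional: it appears from Postfix 2.3 on.
HELO_RE = re.compile(
    r"NOQUEUE: (?P<action>reject_warning|reject): \w+ from \S*\[(?P<ip>[^\]]+)\]: "
    r"\d{3} (?:\d\.\d+\.\d+ )?<(?P<helo>[^>]*)>: "
    r"Helo command rejected: need fully-qualified hostname"
)

def non_fqdn_helo_hits(log_text):
    """Count non-FQDN HELO events, keyed by (action, helo name, client IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = HELO_RE.search(line)
        if m:
            hits[(m["action"], m["helo"], m["ip"])] += 1
    return hits

def hits_from_networks(hits, cidrs):
    """Keep only events whose client IP falls inside one of the given networks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return {k: n for k, n in hits.items()
            if any(ipaddress.ip_address(k[2]) in net for net in nets)}

if __name__ == "__main__":
    hits = non_fqdn_helo_hits(SAMPLE_LOG)
    # 192.0.2.0/24 stands in for the site's own relay clients (assumption).
    for (action, helo, ip), n in hits_from_networks(hits, ["192.0.2.0/24"]).items():
        print(f"{action}: helo=<{helo}> client={ip} hits={n}")
```

Hosts that show up in the filtered output are the ones that would lose mail once the restriction is enforced without the warn_if_reject prefix.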
