Hi Rui,
On Fri, 11 Aug 2017 12:36:34 +0100 Rui Ribeiro wrote:
> There were even customized ports of Qmail in the past that had
> options that could easily be enabled to downright refuse email
> from email hosts not matching A/PTR or HELO
Postfix has these types of filters built in by default.
Similar to spamd's standard greylisting & stuttering options,
these lightweight DNS tests are simply superb spam nukers.
Why? Zombies can't set a machine's (r)DNS, nor make them match.
These Postfix options kill spam (be careful about using on port 587):

smtpd_client_restrictions =
    reject_unknown_client_hostname
smtpd_helo_restrictions =
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unlisted_sender
    reject_unknown_sender_domain
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain

For testing, each can be prefixed with 'warn_if_reject'.
Warnings are logged while the session continues as usual.
There are other more and less aggressive (RFC derived) settings.
See http://www.Postfix.Org/postconf.5.html
Cool,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
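
One way to review a warn_if_reject trial run like the one described in the message above before switching the restrictions to enforcing. This is an added example, not part of the original email or of Postfix itself: the log lines are constructed samples, the function name tally_warnings is hypothetical, and it assumes the dry-run hits appear in the mail log as smtpd `reject_warning` records.

```python
import re
from collections import Counter

# Constructed sample maillog lines (not from the original message).
SAMPLE_LOG = """\
Aug 11 12:40:01 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<pc-10>
Aug 11 12:40:07 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <pc-10>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<pc-10>
Aug 11 12:41:15 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from mail.example.com[198.51.100.7]: 450 4.1.8 <b@nodomain.invalid>: Sender address rejected: Domain not found; from=<b@nodomain.invalid> to=<u@example.org> proto=ESMTP helo=<mail.example.com>
Aug 11 12:42:30 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@example.com>: Relay access denied; from=<s@example.net> to=<x@example.com> proto=ESMTP helo=<foo>
Aug 11 12:43:02 mx postfix/smtpd[2113]: connect from mail.example.com[198.51.100.7]
"""

# Matches only dry-run records (reject_warning), never enforced rejects.
WARNING = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject_warning: \S+ from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?:\d\.\d+\.\d+ )?"
    r"(?:<[^>]*>: )?(?P<check>[A-Za-z ]+?) rejected: (?P<reason>[^;]+);"
    r".*? helo=<(?P<helo>[^>]*)>"
)


def tally_warnings(log_text):
    """Count would-be rejections per (check, reason) and per client IP."""
    by_check, by_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if not m:
            continue  # enforced rejects and other smtpd lines are skipped
        # Drop a trailing ", [ip]" so identical reasons group together.
        reason = re.sub(r",? \[[^\]]+\]$", "", m["reason"].strip())
        by_check[(m["check"], reason)] += 1
        by_client[m["ip"]] += 1
    return by_check, by_client


if __name__ == "__main__":
    checks, clients = tally_warnings(SAMPLE_LOG)
    for (check, reason), n in checks.most_common():
        print(f"{n:4d}  {check}: {reason}")
    for ip, n in clients.most_common():
        print(f"{n:4d}  {ip}")
```

Clients that show up here but are known legitimate senders are the ones to whitelist or fix before removing the warn_if_reject prefix.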