On Tue, Mar 10, 2009 at 12:22 PM, Victor Duchovni < victor.ducho...@morganstanley.com> wrote:
> On Tue, Mar 10, 2009 at 11:59:22AM -0400, Linux Addict wrote: > > > Dear Group, I am modifying my recipient restrictions to displayed below. > I > > referred many documents to compile the options. I want you experts to > once > > verify it for me. > > > > smtpd_recipient_restrictions = > > reject_non_fqdn_sender, > > reject_non_fqdn_recipient, > > reject_unknown_sender_domain, > > reject_unknown_recipient_domain, > > This mostly for hosts that handle "submission" from MUAs. Often best to > move submission to port 587 and apply only there. You'll reject bogus > domains from untrusted senders anyway. > > > permit_mynetworks, > > permit_sasl_authenticated, > > reject_unauth_destination, > > reject_unlisted_recipient, > > reject_invalid_hostname, > > reject_invalid_helo_hostname > > The two above are the same. > > > reject_non_fqdn_helo_hostname > > Why so much emphasis on HELO names, they are not a very effective > spam sign. > > > reject_unauth_pipelining, > > Currently best in smtpd_data_restrictions, where it is effective after > EHLO, as during RCPT TO, additional RCPT TO commands or the "DATA" > command can be legitimately "PIPELINED" in the same packet. > > > reject_unknown_reverse_client_hostname > > reject_rbl_client zen.spamhaus.org, > > reject_rbl_client bl.spamcop.net, > > permit > > Fairly sensible overall. Is it better to place rbl rejections under smtpd_client_restrictions? > > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly. >
