After watching the recent thread about filtering restrictions, it's got me curious as to whether mine are optimal. I've recently added support for backscatterer checking in my restrictions, and I moved Stan's fqrdns.pcre check higher in my list per his suggestion in an earlier thread. Mine now look like:

smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access pcre:/etc/postfix/fqrdns.pcre,
    reject_unknown_reverse_client_hostname,
    warn_if_reject reject_non_fqdn_helo_hostname,
    warn_if_reject reject_invalid_helo_hostname,
    warn_if_reject reject_unknown_helo_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_helo_access hash:/etc/postfix/helo_access,
    check_sender_access hash:/etc/postfix/check_backscatterer,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    permit

Do I have these listed in an optimal order (from least to most "expensive")? Any other suggestions?

The check_backscatterer file setup is as suggested on http://www.backscatterer.org/?target=usage, with the exception of "hash" instead of "dbm."

FYI - Using Postfix 2.6.5 on this box, but looking to use the same restrictions on two of my 2.8.0 boxes.

Thanks,
SteveJ