On 05 Oct 2020, at 13:17, Bob Proulx <b...@proulx.com> wrote:
> Here is an old resource but one that I think is still very good is
> "Jim Seymour's suggestions/examples for Postfix anti-UCE configuration."
>
> http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
It's good, but it does need some updating as some things are… misleading.
For example:
If you want smtpd access map entries to match hosts and sub-domains
on just the domain part (e.g.: "example.com" matches "host.example.com"
and "host.subdomain.example.com," you must specify:
parent_domain_matches_subdomains = smtpd_access_maps
However, that is the default:
# postconf -d parent_domain_matches_subdomains
parent_domain_matches_subdomains =
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
There's the whole section on postfix not supporting cidr tables, which was
certainly possible in 2005, but not so much in 2020.
But yes, it's still a good starter document for understanding the configuration
parameters and the order-of-operations flow, but I wouldn't rely on it to
generate you own config without checking some of the `postconf -n` output that
gets posted to the list.
The one thing that it tries very hard to do is explain the meaning of the
sender and recipient maps and while everything there is correct, I think it
would still be quite confusing to someone starting off with postfix who is
likely to wonder if it means that senders are always local or is senders are
never local or if sender might be local and might be not local, which I think
is the single biggest stumbling block for those undertaking modifying their
postfix configs. Pr maybe it's smtp_ versus smtpd_, a mistake that is in the
post:
The "general flow" of the smtp_recipient_restrictions …
But only smtpd_recipient_restrictions are in the file.
But, the biggest thing that makes this document in real need of an update, is
the complete lack of mention of postfix's best antispam feature: postscreen.
--
Bart, don't use the Touch of Death on your sister.
