Simon Jones wrote:
Cool, thanks - is there also a way to enable the following checks:
Valid sender
Valid sender domain
Reverse lookup on sender IP (ptr)
Greet pause
Throttle incoming connections (similar to the sendmail max invalid
recipients throttle)
Let's see.... The throttling is already built in. If you look in your
/etc/tcprules.d/tcp.smtp file you will see that it allows up to 15
recipients, with a maximum of 3 invalid ones before it drops the
connections. Stops the "dictionary sends" for the spammers.
The majority of the rest of it looks like you're looking for SPF
checking, which is also built in. It's set to run in a "safe" mode right
now (since SPF didn't take off as quickly as everyone had hoped), but
you can easily tighten that down by changing the value in your
/var/qmail/control/spfbehavior file. Here's some more info:
Use this to turn on SPF checking. The default value is 0 (off).
You can specify a value between 0 and 6:
* 0: Never do SPF lookups, don't create Received-SPF headers
* 1: Only create Received-SPF headers, never block
* 2: Use temporary errors when you have DNS lookup problems
* 3: Reject mails when SPF resolves to fail (deny)
* 4: Reject mails when SPF resolves to softfail
* 5: Reject mails when SPF resolves to neutral
* 6: Reject mails when SPF does not resolve to pass
Values bigger than 3 are strongly discouraged, you probably want
to go with 2 or 3.
Important: This setting can be overridden using the environment
variable SPFBEHAVIOR, e.g. from tcpserver rules.
Note: If RELAYCLIENT is set, SPF checks won't run at all.
(This also includes SMTP-AUTH and similar patches)
I personally only use level 1, since I ran into some problems here when
I tried to run levels 2 and 3. Just my 2-cents, though.
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
