Re: A bit off-topic : postfix

Tue, 13 Sep 2005 12:39:13 -0700 

On 12 Sep 2005, at 07:34 , Alexandre Lollini wrote:

So, how do I set up in postfix the RBLs and spamtraps ?


Spamtraps: no.

rbls:

smtpd_recipient_restrictions =
  check_client_access hash:/usr/local/etc/postfix/pop-before-smtp,
  reject_invalid_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,

  check_recipient_access pcre:/usr/local/etc/postfix/ 
recipient_checks.pcre,

  check_policy_service inet:127.0.0.1:10023
  check_client_access hash:/usr/local/etc/postfix/access,
  check_sender_access hash:/usr/local/etc/postfix/banned_addrs,
  reject_rbl_client sbl-xbl.spamhaus.org
  reject_rbl_client cn.rbl.cluecentral.net
  reject_rbl_client kr.rbl.cluecentral.net
  permit



you don't need all of those, but you need permit_mynetworks before  
the checks, and you need permit last.


basically, it's logical.  A new message comes in (or goes out)


check if the IP has been logged into with a password (unnecessary  
unless you have remote users).


    the rejects are pretty self explanatory but for the last which
    means to reject when the client sends the SMTP commands without
    waiting for a status reply from the previous command.


permit local IPs
permit anyone who authenticated via sasl


reject relay addresses and compound addresses  
([EMAIL PROTECTED]@server2.tld)


check a cpre expression in the file "recipient_checks.pcre"

    /^\@/   550 Invalid address format.
    /[EMAIL PROTECTED]@/ 550 This server disallows weird address syntax.
    /^postmaster\@/ OK
    /^hostmaster\@/ OK
    /^abuse\@/ OK


this file allows the postmaster hostmaster and abuse addresses  
through and has another check (redundant, I think) fr malformed  
addresses.


the policy check is postgrey, a greylisting service


then check the access table, any specifically banned addresses, and  
finally rbls.  If nothing ends up matching, allow the mail.


--
Lewis Butler, Owner Covisp.net
240 S Broadway #203, 80209
mobile: 303.564.2512  fx: 303.282.1515
AIM/ichat: covisp xdi: http://public.xdi.org/=lewisbutler



#############################################################
This message is sent to you because you are subscribed to
 the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>























					Reply via email to