>> smtpd_delay_reject = yes
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions =
>>   reject_non_fqdn_hostname,
> This will cause a lot of false positives in my experience. DNS is widely
> broken out there as it's put in the hands of too many clueless admins.
>
> There are more risky settings here I would not recommend for business
> usage. The main problem with this strict approach is that you reject or
> accept based on a single parameter. I find this far too risky!
>
> I would put more effort into amavisd and spamassassin where multiple
> checks are performed and no single rule will throw away any mail. I
> removed all these extremist checks and all RBL checks from postfix and
> let spamassassin deal with them.

I have now in main.cf:

smtpd_recipient_restrictions =
         reject_unauth_pipelining,
         reject_non_fqdn_recipient,
         permit_mynetworks,
         reject_unauth_destination,
         reject_rbl_client sbl-xbl.spamhaus.org,
         reject_rbl_client dnsbl.njabl.org,
         reject_rbl_client relays.ordb.org,
         reject_rbl_client cn.rbl.cluecentral.net,
         check_policy_service inet:127.0.0.1:2501
content_filter = smtp-amavis:[127.0.0.1]:10024

and amavisd.conf:

$sa_tag_level_deflt  = 1.0;
$sa_tag2_level_deflt = 3.0;
$sa_kill_level_deflt = 4.6;
$sa_dsn_cutoff_level = 10;

Have set this up on 3 mailservers, see what's happening.

> Of course, my subjective opinion.

And mine.






_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
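
Added example, not part of the original post or of Postfix: a small Python audit of the main.cf fragment above. It lists every DNSBL zone where one listing alone rejects a message (the single-parameter concern raised in the quoted reply) and checks that reject_unauth_destination is evaluated before the first DNSBL lookup. The function names and the TAKES_ARG table are assumptions of this example.

```python
import re

# Constructed sample: the main.cf fragment quoted in the post above.
MAIN_CF = """\
smtpd_recipient_restrictions =
         reject_unauth_pipelining,
         reject_non_fqdn_recipient,
         permit_mynetworks,
         reject_unauth_destination,
         reject_rbl_client sbl-xbl.spamhaus.org,
         reject_rbl_client dnsbl.njabl.org,
         reject_rbl_client relays.ordb.org,
         reject_rbl_client cn.rbl.cluecentral.net,
         check_policy_service inet:127.0.0.1:2501
content_filter = smtp-amavis:[127.0.0.1]:10024
"""

# Restrictions that take one argument (assumed subset, enough for this fragment).
TAKES_ARG = {"reject_rbl_client", "check_policy_service"}

def parse_main_cf(text):
    """Return {parameter: value}, joining Postfix continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank and comment lines
        if line[0].isspace() and name:    # leading whitespace continues a value
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def restrictions(value):
    """Split a restriction list into (name, argument-or-None) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    out, i = [], 0
    while i < len(tokens):
        has_arg = tokens[i] in TAKES_ARG and i + 1 < len(tokens)
        out.append((tokens[i], tokens[i + 1] if has_arg else None))
        i += 2 if has_arg else 1
    return out

def audit(text):
    """Return (DNSBL zones that reject on one listing, relay check comes first?)."""
    rules = restrictions(parse_main_cf(text).get("smtpd_recipient_restrictions", ""))
    names = [n for n, _ in rules]
    zones = [a for n, a in rules if n == "reject_rbl_client"]
    relay = names.index("reject_unauth_destination") if "reject_unauth_destination" in names else None
    first = names.index("reject_rbl_client") if zones else None
    return zones, relay is not None and (first is None or relay < first)
```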