>...
>
>Thanks. Will have to see how to do this with postfix.
>
>Ron
>
>--------------------------------------------------------------------
>Ron Nutter [EMAIL PROTECTED]
>Network Infrastructure & Security Manager
>Information Technology Services (502)863-7002
>Georgetown College
>Georgetown, KY 40324-1696
>--------------------------------------------------------------------
>
>[snipped]
Try:
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
and
smtpd_helo_restrictions =
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_unknown_hostname,
and
smtpd_client_restrictions =
reject_unknown_hostname,
reject_unknown_client,
Plus whatever you're already doing. (Warning: Lots of MS boxes
will be misconfigured and get refused - I consider this a good thing.)
YMMV. I find these few rules cause about half of all connections to be
refused (re. half of all spam goes away). Also AFAIK, these all return
a 450 code, so transient errors (i.e. overloaded DNS servers) are not fatal.
If you want to "relax" anything, it might be the "helo" restrictions,
because there are *so* many misconfigured Exchange boxes out there. And
the "client" clauses effectively enforce rDNS - so you might not want them
either (or qualify them with "warn_if_reject" which will log a warning, but
allow the transaction to continue).
The documentation covers all of this.
Paul Shupak
[EMAIL PROTECTED]
P.S. These are just the relevant clauses - I have them interspersed with
*many* other restrictions, access lists, etc..
