Loading ...
Sorry, an error occurred while loading the content.
 

Re: SMTP restrictions

Expand Messages
  • Sandy Drobic
    ... There is no real best setup. The better question is Does the result satisfy you, are those restrictions hurting me by rejecting mails I want to
    Message 1 of 3 , Nov 30, 2005
      Sergio Ferreira wrote:
      > Hi List,
      >
      > I started setup spam stuffs and SMTP restrictions, as a begginer with
      > Postfix some doubts raised about SMTP restrictions and I am needing some
      > help.
      > I pasted the config options of my setup related with It, so I would like to
      > have an opinion from the list to achieve the best setup.

      There is no real "best" setup. The better question is "Does the result
      satisfy you, are those restrictions hurting me by rejecting mails I want
      to receive?"

      > Here It is my basic options. It is enough or should I add more options?
      >
      > smtpd_helo_required = yes
      >
      > disable_vrfy_command = yes
      >
      > smtpd_etrn_restrictions = permit_mynetworks,
      > reject

      Those are okay.
      >
      >
      >
      > Below, there is commented lines, those ones are from general options, I
      > don´t know if should I either clean up or enable them. If should I enable
      > them, where is the best place to put It on?
      >
      > smtpd_helo_restrictions = permit_mynetworks,
      > reject_invalid_helo_hostname,
      > reject_unknown_helo_hostname,
      > reject_non_fqdn_helo_hostname,

      You will have to answer the question yourself if these will hinder mails
      you wish to receive. Mostly it will reject spam and virii, but there are
      always some malconfigured servers around that can't be bothered to send a
      correct helo, be prepared to maintain a white-list for them. Especially
      the reject_unknown_helo_hostname might get some unwanted rejects.

      > permit
      >
      > # reject_unknown_client,
      That one should really be used with care. Use it with "warn_if_reject"
      first to check if this will hurt you.

      > # reject_unauth_pipelining,
      >
      >
      >
      > smtpd_sender_restrictions = permit_sasl_authenticated,
      > permit_mynetworks,
      > reject_non_fqdn_sender,
      > reject_unknown_sender_domain,
      > permit
      >
      > # reject_invalid_hostname,
      > # reject_unauth_pipelining,
      > # reject_unknown_client,

      > # reject_unknown_hostname,
      Same here that might reject too much.
      >
      > smtpd_recipient_restrictions = permit_sasl_authenticated,
      > permit_mynetworks,
      > reject_unauth_destination
      > reject_non_fqdn_recipient,
      > reject_unknown_recipient_domain,

      Make sure you have lists of all valid addresses and that they are mapped
      to the correct maps parameter relay_recipients_maps, local_recipients_maps
      etc.

      > permit
      >
      > # reject_unauth_pipelining,
      >
      >
      > Those ones below are good RBLs? Where should I place them?
      >
      > # reject_rbl_client relays.ordb.org,
      > # reject_rbl_client list.dsbl.org,
      > # reject_rbl_client sbl-xbl.spamhaus.org,

      For my needs they work.
      >
      >
      >
      > Should I use It, below?
      >
      > #smtpd_data_restrictions = reject_unauth_pipelining,
      > # reject_multi_recipient_bounce

      You shouldn't get any problems with those.

      > Those came from smtpd_client... and I saw It applied to others smtpd
      > contexts. I don´t understood well Its functionalities, then should I use It
      > or not?
      >
      > # check_policy_service unix:private/sbfpolicy,
      > # check_policy_service inet:127.0.0.1:10023

      Don't use settings you don't understand. (^-^)
      If you haven't set up a policy server you have no need for these settings.

      Sandy
    Your message has been successfully submitted and would be delivered to recipients shortly.