|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Needed: Pros & Cons for each UCE measure
From: Matthew Hawkins (matthew
topic.com.au)Date: Thu Nov 02 2000 - 17:51:14 CST
- Next message: Liviu Daia: "Re: complie with mysql"
- Previous message: Wietse Venema: "Re: RBL"
- In reply to: Scott Chapman: "Needed: Pros & Cons for each UCE measure"
- Next in thread: Vivek Khera: "Re: Needed: Pros & Cons for each UCE measure"
- Reply: Matthew Hawkins: "Re: Needed: Pros & Cons for each UCE measure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 02 Nov 2000, Scott Chapman wrote:
> For example, I'm considering the smtpd_helo_restrictions options:
>
> reject_invalid_hostname
> reject_unknown_hostname
> reject_non_fqdn_hostname
>
> Do these ever stop valid email?
Depends on your definition of "valid email". Sure, they'll stop anything that
fails their tests. The other tricky thing is, if your DNS fails, they'll
probably stop ALL email (reject_unknown_hostname in particular). This isn't
really a fault of the option in particular, its just fallout from bigger
problems on your network.
Personally I use the RBL and client_access checks. The whole purpose of an MTA
is to transfer mail, so I want to keep its extraneous processing to a minimum.
Sure, some spam gets through - but that's what the client_access check is for.
It gets through _once_, gets added to the reject list, and periodically that
gets registered with SpamCop et al. so the list can be pruned. I have a
procmail filter that traps _all_ spam I get, so the whole process is easily
automated. (I just tend to do it by hand out of habit and distrust of fully
automated systems)
Especially for newbies though, keep the configuration simple. If I may make a
gross generalisation, probably 90% of postfix MTA's won't use 90% of the
features of postfix. With anti-spam options in particular, you should weigh up
whether the benefits of that particular option outweigh the time it'll take to
implement and test it before making it live, plus the cost on the system after
making it live. An MTA will _never_ stop _all_ spam - they're designed for
the exact opposite operation (transferring, not blocking). It's okay to let
some through and trap it later with a filtering delivery agent or whatever.
(most of which have far superior rules for that sort of thing anyway)
Remember that the MTA is only one part of your whole mail system...
-- Matt
- Next message: Liviu Daia: "Re: complie with mysql"
- Previous message: Wietse Venema: "Re: RBL"
- In reply to: Scott Chapman: "Needed: Pros & Cons for each UCE measure"
- Next in thread: Vivek Khera: "Re: Needed: Pros & Cons for each UCE measure"
- Reply: Matthew Hawkins: "Re: Needed: Pros & Cons for each UCE measure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]