From: Timo Boettcher (spidagmx.net)
Date: Wed May 29 2002 - 12:25:34 CDT

    Hi luna,

    Message of Wednesday, 29. May 2002, 18:26:15:
    l> On Wed, 29 May 2002, Timo Boettcher wrote:
    >>>And, most: Are there any security-holes not plugged?
    >>no - you may see too much valid mail being rejected due to
    >>reject_unknown_client.
    >>If I cut that out, will I be "secure", that is, no open-relay, then?
    l> yes. reject_unauth_destination is the only line necessary to
    l> prevent relaying (Assuming the referenced parameters
    Which parameters are those?
    l> are appropriately configured). the rest do help. but really have
    l> more to do with preventing spam, and upholding the smtp "law",
    l> so-to-speak.

    >>l> you can consolidate your restrictions into
    >>smtpd_recipient_restrictions.
    >>l> i would recommend:
    >>
    >>l> smtpd_recipient_restrictions =
    >>l> reject_non_fqdn_sender,
    >>l> reject_unknown_sender_domain,
    >>l> reject_non_fqdn_recipient
    >>l> reject_unknown_recipient_domain,
    >>l> permit_mynetworks,
    >>l> check_client_access hash:/etc/postfix/pop-before-smtp,
    >>l> reject_unknown_client, <-- this might cause problems for you
    >>l> reject_invalid_hostname,
    >>l> reject_non_fqdn_hostname,
    >>l> reject_unknown_hostname,
    >>l> reject_maps_rbl,
    >>l> reject_unauth_destination
    >>
    >>You mean no other smtpd_*_restrictions except the above?

    l> right. if you are using smtpd_delay_reject = yes, then this is even
    l> more appropriate, as no restrictions are processed until RCPT TO is
    l> issued anyway.
    That is before the DATA starts flowing, I hope?

    again, thanks for your help.

     Timo
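
Added example, not part of the original message and not Postfix code: a simplified Python model of walking the consolidated restriction list in order, reporting whether reject_unauth_destination is reached and which earlier entries can accept mail before it. The function names and verdict strings are hypothetical, and the implicit "permit" at the end of the list is an assumption that models the single-list setup discussed in this thread.

```python
import re

# Restrictions whose next token is a lookup table (type:name).
TAKES_TABLE = {"check_client_access", "check_helo_access",
               "check_sender_access", "check_recipient_access"}
# Restrictions that can accept the recipient outright for a matching client.
CAN_PERMIT = TAKES_TABLE | {"permit_mynetworks", "permit_sasl_authenticated"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

# The list quoted in the thread, with the inline "<--" annotation removed.
THREAD_LIST = """
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_non_fqdn_recipient reject_unknown_recipient_domain,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/pop-before-smtp,
    reject_unknown_client, reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_unknown_hostname, reject_maps_rbl, reject_unauth_destination
"""

def parse_restrictions(value):
    """Split a restriction list; Postfix accepts commas and/or whitespace."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    parsed, i = [], 0
    while i < len(tokens):
        takes_arg = tokens[i] in TAKES_TABLE and i + 1 < len(tokens)
        parsed.append((tokens[i], tokens[i + 1] if takes_arg else None))
        i += 2 if takes_arg else 1
    return parsed

def audit_relay(value):
    """Walk the list in order, as Postfix does, and return (verdict, bypasses).

    bypasses are the entries that can accept mail before the relay guard runs;
    their tables and networks decide who is allowed to relay.
    """
    bypasses = []
    for name, arg in parse_restrictions(value):
        if name in RELAY_GUARDS:
            return "relay-restricted", bypasses
        if name in ("reject", "defer"):
            return "rejects-all", bypasses
        if name == "permit":
            return "open-relay", bypasses
        if name in CAN_PERMIT:
            bypasses.append(name if arg is None else f"{name} {arg}")
    return "open-relay", bypasses  # end of list: the implicit result is permit

if __name__ == "__main__":
    print(audit_relay(THREAD_LIST))
```

The verdict "relay-restricted" only holds if the reported bypass entries (here mynetworks and the pop-before-smtp table) contain trusted clients only.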
