Re: 2.2.8 + amavisd + postgrey

From: Gary V (mr88talenthotmail.com)
Date: Sun Feb 05 2006 - 20:49:36 CST


>On Mon, Feb 06, 2006 at 02:40:26AM +0100, mouss wrote:
> > > smtpd_recipient_restrictions =
> > > permit_mynetworks
> > > permit_mx_backup
> > This allows anyone to use you as a "free relay".
>
>How so? I successfully pass all of abuse.net's open relay tests.
>Tried it again just now.
>
>I had permit_auth_destination and reject_unknown_recipient_domain in there
>until earlier today. Just added them back in.
>
> > Look again at your restrictions:
> > ...
> > all mail matches one of the 3 first conditions.
>
>Where should I put the greylisting check, then?
>
>Here's the full relevant section of my main.cf:
>
>smtpd_helo_restrictions =
> permit_mynetworks
>
>smtpd_client_restrictions =
> permit_mynetworks
> reject_rbl_client sbl-xbl.spamhaus.org
>
>smtpd_sender_restrictions =
> permit_mynetworks
> reject_unauth_pipelining
> reject_unknown_sender_domain
>
>smtpd_recipient_restrictions =
> permit_mynetworks
> permit_mx_backup
> permit_auth_destination
> reject_unauth_destination
> reject_unknown_recipient_domain
> check_policy_service inet:127.0.0.1:6000
> check_helo_access dbm:/etc/postfix/helo_checks
>
>Bill

Forgive my lack of familiarity with permit_mx_backup, but if I understand
this correctly, all mail destined for a domain you are a backup MX for will
be permitted by permit_mx_backup, so no client will ever see your
check_policy_service. If you are a backup MX, and you relay mail, I think
you would have to get rid of permit_mx_backup, and instead place domains you
relay for in relay_domains. At any rate, list all domains in their proper
address class. I don't know, but I wonder if it would be OK to place the
check_policy_service before permit_mx_backup, but even if it is OK, your
check_helo_access may never see any clients.

Gary V
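
Added example (not part of the original thread, and not Postfix code): a simplified Python model of first-match evaluation over the posted smtpd_recipient_restrictions, showing which restriction decides each recipient and whether check_policy_service is ever consulted. The addresses, domains, the REORDERED list and the treatment of the later checks as always passing are assumptions made for illustration.

```python
# Simplified model of how Postfix walks a restriction list (added example).
# Each restriction yields PERMIT, REJECT or DUNNO; the first non-DUNNO result
# ends the walk, so restrictions listed after it are never consulted.

# Constructed sample settings (documentation addresses and domains).
POSTED_CFG = {"mynetworks": {"192.0.2.10"}, "final_or_relay": {"example.com"},
              "mx_backup": {"example.net"}}
# Gary's suggestion: list the backed-up domain in relay_domains instead.
RELAY_CFG = {"mynetworks": {"192.0.2.10"},
             "final_or_relay": {"example.com", "example.net"}, "mx_backup": set()}

POSTED = ["permit_mynetworks", "permit_mx_backup", "permit_auth_destination",
          "reject_unauth_destination", "reject_unknown_recipient_domain",
          "check_policy_service", "check_helo_access"]
# Assumed reordering: no blanket permit ahead of the HELO and policy checks.
REORDERED = ["permit_mynetworks", "reject_unauth_destination",
             "reject_unknown_recipient_domain", "check_helo_access",
             "check_policy_service"]


def decide(name, cfg, client, domain):
    auth = domain in cfg["final_or_relay"]
    if name == "permit_mynetworks":
        return "PERMIT" if client in cfg["mynetworks"] else "DUNNO"
    if name == "permit_mx_backup":
        return "PERMIT" if domain in cfg["mx_backup"] else "DUNNO"
    if name == "permit_auth_destination":
        return "PERMIT" if auth else "DUNNO"
    if name == "reject_unauth_destination":
        return "DUNNO" if auth else "REJECT"
    return "DUNNO"  # later checks modelled as passing; only reachability matters


def evaluate(order, cfg, client, domain):
    """Return (result, deciding restriction, restrictions consulted)."""
    consulted = []
    for name in order:
        consulted.append(name)
        result = decide(name, cfg, client, domain)
        if result != "DUNNO":
            return result, name, consulted
    return "PERMIT", "end of list", consulted


if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed: client not in mynetworks
    for label, order, cfg in (("posted", POSTED, POSTED_CFG),
                              ("reordered", REORDERED, RELAY_CFG)):
        for domain in ("example.com", "example.net", "example.invalid"):
            result, by, seen = evaluate(order, cfg, outside, domain)
            print(label, domain, result, "by", by,
                  "| policy reached:", "check_policy_service" in seen)
```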
