Re: 2.2.8 + amavisd + postgrey
From: mouss (usebsd free.fr)
Date: Mon Feb 06 2006 - 05:53:21 CST
Bill Bradford wrote:
> On Mon, Feb 06, 2006 at 02:40:26AM +0100, mouss wrote:
>
>>>smtpd_recipient_restrictions =
>>> permit_mynetworks
>>> permit_mx_backup
>>
>>This allows anyone to use you as a "free relay".
>
>
> How so? I successfully pass all of abuse.net's open relay tests.
> Tried it again just now.
I said "free", not "open". If I put your server as my domain MX, you're
gonna relay for me, and that without your authorization. If many people
do so (voluntarily or accidentally), you're gonna get much more traffic than
you think.
Another problem is that you're gonna generate backscatter when the relay
fails.
>
> I had permit_auth_destination and reject_unknown_recipient_domain in there
> until earlier today. Just added them back in.
>
>
>>Look again at your restrictions:
>>...
>>all mail matches one of the 3 first conditions.
>
>
> Where should I put the greylisting check, then?
>
> Here's the full relevant section of my main.cf:
>
> smtpd_helo_restrictions =
> permit_mynetworks
>
> smtpd_client_restrictions =
> permit_mynetworks
> reject_rbl_client sbl-xbl.spamhaus.org
>
> smtpd_sender_restrictions =
> permit_mynetworks
> reject_unauth_pipelining
probably useless if you're using the default "delay_reject=no".
> reject_unknown_sender_domain
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_mx_backup
Why do you need this?
> permit_auth_destination
and this?
> reject_unauth_destination
At this point, mail has either been accepted or rejected, so subsequent
checks don't occur.
> reject_unknown_recipient_domain
what for?
> check_policy_service inet:127.0.0.1:6000
> check_helo_access dbm:/etc/postfix/helo_checks
>
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    # allow my networks
    permit_mynetworks
    # reject relay attempts
    reject_unauth_destination
    ## now, we deal with inbound mail:
    # sender domain must resolve...
    reject_unknown_sender_domain
    # reject bad helo
    check_helo_access dbm:/etc/postfix/helo_checks
    # reject clients listed in sbl-xbl
    reject_rbl_client sbl-xbl.spamhaus.org
    # greylist
    check_policy_service inet:127.0.0.1:6000
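
Added example (not part of the original message, and not Postfix code): a simplified Python model of first-match evaluation, run over the two smtpd_recipient_restrictions lists from this thread to show which checks are reached. The networks, domains and MX data are constructed, and checks that depend on DNS, lookup tables or the policy daemon are assumed to return DUNNO.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}                        # authorized destinations
MX_POINTS_AT_US = {"example.org", "stranger.example"}  # domains whose MX lists this host

def in_mynetworks(m):
    return any(ipaddress.ip_address(m["client"]) in n for n in MYNETWORKS)

def auth_dest(m):
    return m["rcpt_domain"] in LOCAL_DOMAINS

# Simplified model: each restriction yields PERMIT, REJECT or DUNNO.
RULES = {
    "permit_mynetworks": lambda m: "PERMIT" if in_mynetworks(m) else "DUNNO",
    "permit_mx_backup": lambda m: "PERMIT" if m["rcpt_domain"] in MX_POINTS_AT_US else "DUNNO",
    "permit_auth_destination": lambda m: "PERMIT" if auth_dest(m) else "DUNNO",
    "reject_unauth_destination": lambda m: "DUNNO" if auth_dest(m) else "REJECT",
}
# Checks that depend on DNS, tables or the policy daemon are modelled as DUNNO:
# only whether they are reached matters here.
for _name in ("reject_unknown_recipient_domain", "reject_unknown_sender_domain",
              "check_helo_access", "reject_rbl_client", "check_policy_service"):
    RULES[_name] = lambda m: "DUNNO"

ORIGINAL = ["permit_mynetworks", "permit_mx_backup", "permit_auth_destination",
            "reject_unauth_destination", "reject_unknown_recipient_domain",
            "check_policy_service", "check_helo_access"]
REORDERED = ["permit_mynetworks", "reject_unauth_destination",
             "reject_unknown_sender_domain", "check_helo_access",
             "reject_rbl_client", "check_policy_service"]

def evaluate(restrictions, mail):
    """Return (decision, checks reached); the first non-DUNNO result ends the list."""
    reached = []
    for name in restrictions:
        reached.append(name)
        result = RULES[name](mail)
        if result != "DUNNO":
            return result, reached
    return "PERMIT", reached  # end of list reached: mail is accepted

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed client address outside MYNETWORKS
    for domain in ("example.org", "stranger.example"):
        mail = {"client": outside, "rcpt_domain": domain}
        for label, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
            print(domain, label, *evaluate(rules, mail))
```

With the original order no message from an outside client ever reaches check_policy_service; with the reordered list, inbound mail for an authorized destination passes through every check, greylisting included.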