Re: To all of You who use: reject_non_fqdn_hostname and reject_unknown_hostname
From: Tony Earnshaw (tericssonearnshaw barlaeus.nl)
Date: Fri Sep 01 2006 - 04:54:26 CDT
On Fri 01.09.2006 at 10:19 (+0200), o2 - Marcin Wasilewski wrote:
[...]
> Actually I use:
> smtpd_helo_restrictions =
>     permit_mynetworks
>     check_helo_access hash:/etc/postfix/db/helo_access
>     reject_invalid_hostname
>
> and I would like to enable
> reject_non_fqdn_hostname
Do that, but use a whitelist for genuine maverick non-fq clients (idiot
Windows and non-savvy Unix mailadmins). Keep a good eye on what's being
rejected (logs or Mail Delivery System mail to postmaster).
> reject_unknown_hostname
Don't do that in any event. Too much genuine mail will be lost.
> but I wonder how many false-positives it gives..
Both give false positives, but reject_unknown_hostname gives far and
away most.
> and one more question: I saw in doc that I could use: warn_if_reject, but
> how to correctly place it in my config to see how these two rules above will
> be hit.
smtpd_helo_restrictions =
    warn_if_reject reject_unknown_hostname
etc.
Actually, that's what we do, which is why I write that using
reject_unknown_hostname gives too many FPs (pflogsumm daily report).
--Tonni
--
Tony Earnshaw
reservebergenser
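
Added example, not part of the original message: a small Python tally of HELO "reject_warning" and "reject" entries from the Postfix log, so the effect of a restriction placed behind warn_if_reject can be reviewed before it is enforced and whitelist candidates picked out. The log lines are constructed samples, and the reason texts ("Host not found", "need fully-qualified hostname") are assumed to match the wording your Postfix version logs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual Postfix smtpd log shape; hosts,
# addresses and HELO names are made up (documentation ranges and domains).
SAMPLE_LOG = """\
Sep  1 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 <pc-0417>: Helo command rejected: Host not found; from=<a@example.org> to=<u@example.com> proto=SMTP helo=<pc-0417>
Sep  1 10:03:40 mx postfix/smtpd[2105]: NOQUEUE: reject_warning: RCPT from mail.example.net[198.51.100.7]: 450 4.7.1 <mail.internal.example.net>: Helo command rejected: Host not found; from=<b@example.net> to=<u@example.com> proto=ESMTP helo=<mail.internal.example.net>
Sep  1 10:07:15 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 <EXCHANGE01>: Helo command rejected: need fully-qualified hostname; from=<c@example.org> to=<u@example.com> proto=ESMTP helo=<EXCHANGE01>
Sep  1 10:09:59 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 <pc-0417>: Helo command rejected: Host not found; from=<d@example.org> to=<u@example.com> proto=SMTP helo=<pc-0417>
Sep  1 10:11:00 mx postfix/smtpd[2111]: connect from mail.example.net[198.51.100.7]
"""

# Matches both enforced rejects and warn_if_reject warnings for HELO checks.
# The enhanced status code (e.g. "4.7.1") is optional: older versions omit it.
HELO_EVENT = re.compile(
    r"NOQUEUE: (?P<action>reject_warning|reject): \S+ from (?P<client>\S+): "
    r"\d{3}(?: \d\.\d+\.\d+)? <(?P<helo>[^>]*)>: "
    r"Helo command rejected: (?P<reason>[^;]+);"
)

def tally_helo_events(log_text):
    """Return {(action, reason): Counter of (helo, client)} for HELO rejections."""
    tally = defaultdict(Counter)
    for line in log_text.splitlines():
        m = HELO_EVENT.search(line)
        if m:
            tally[(m["action"], m["reason"])][(m["helo"], m["client"])] += 1
    return tally

def report(tally):
    """Format the tally, most frequent HELO name first within each reason."""
    lines = []
    for (action, reason), hits in sorted(tally.items()):
        lines.append(f"{action}: {reason} ({sum(hits.values())} hits)")
        for (helo, client), n in hits.most_common():
            lines.append(f"  {n:3d}  helo={helo}  client={client}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(tally_helo_events(SAMPLE_LOG)))
```

HELO names that recur under reject_warning and belong to senders you recognise are the ones to add to the check_helo_access whitelist before dropping warn_if_reject.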