Re: Immediate reject without calling policy service

From: mouss (usebsdfree.fr)
Date: Sat Dec 02 2006 - 07:36:24 CST


elaconta.com Webmaster wrote:
> Hi
>
> I've recently deployed MARBL (http://www.orangegroove.net/code/marbl/)
> to perform selective greylisting under Postfix as a policy server, and
> it absolutely rocks, giving us all the benefits of greylisting with no
> delay for most legitimate senders and about zero false positives.
> Now I have my Postfix configuration down cold, I'm into maximum
> optimization.
> When an email is sent to a non-existent email address in a domain, the
> marbl daemon seems to be queried before rejection. Is there any way for
> me to rearrange my restrictions so that email to nonexistent addresses
> will be rejected outright without having to go through MARBL and
> therefore avoiding costly DNS lookups?
>
> A snippet of the logs that seem to confirm MARBL is queried before the
> REJECT (an email is sent from jimbojamesgmail.com to a non-existent
> email in the elaconta.com domain):
>

You need reject_unlisted_recipient.

smtpd_helo_restrictions =
smtpd_sender_restrictions =
    ## we put these here to avoid becoming an open relay in case
    ## of an accidental OK.
    check_sender_access hash:$config_directory/spammer
    # check_sender_access hash:$config_directory/sender_acl
    # check_recipient_access hash:$config_directory/recipient_acl

smtpd_recipient_restrictions =
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unlisted_sender
    reject_unlisted_recipient
    reject_sender_login_mismatch
    reject_invalid_hostname
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    ## allow per recipient access control
    # check_recipient_access hash:$config_directory/recipient_prefs
    reject_unknown_sender_domain
    #check_sender_mx_access hash:$config_directory/sender_mx_acl
    #check_helo_access hash:$config_directory/helo_acl
    reject_spf_invalid_sender
    reject_rbl_client sbl-xbl.spamhaus.org
    #reject_rbl_client list.dsbl.org
    #reject_rbl_client relay.ordb.org
    check_policy_service inet:127.0.0.1:2552
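
The ordering point in the reply above, as an added example that is not part of the original post: a small Python check that reads main.cf text and reports whether check_policy_service would be evaluated before reject_unlisted_recipient in smtpd_recipient_restrictions. The function names and both sample configurations are constructed for illustration, and only that one restriction list is inspected.

```python
import re

# Constructed sample: the policy daemon is listed ahead of the recipient check,
# so mail for unknown recipients still triggers a policy lookup.
SAMPLE_BAD = """\
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    # greylisting daemon
    check_policy_service inet:127.0.0.1:2552
    reject_unlisted_recipient
"""

# Constructed sample following the ordering shown in the reply.
SAMPLE_GOOD = """\
smtpd_recipient_restrictions =
    reject_unlisted_recipient
    permit_mynetworks
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:2552
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining Postfix continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace() and name:    # leading whitespace continues a value
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def policy_before_recipient_check(text, param="smtpd_recipient_restrictions"):
    """True if check_policy_service precedes reject_unlisted_recipient in param."""
    tokens = [t for t in re.split(r"[,\s]+", parse_main_cf(text).get(param, "")) if t]
    if "check_policy_service" not in tokens:
        return False                      # no policy daemon in this list
    if "reject_unlisted_recipient" not in tokens:
        return True                       # nothing in the list rejects first
    return tokens.index("check_policy_service") < tokens.index("reject_unlisted_recipient")

if __name__ == "__main__":
    for label, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, policy_before_recipient_check(cfg))
```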