From: Mauro Sanna (mauro.sannacomune.cagliari.it)
Date: Wed Apr 23 2008 - 09:31:06 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 4/23/2008, Mauro Sanna (mauro.sannacomune.cagliari.it) wrote:
> > I've changed - now it is:
> >
> > reject_non_fqdn_sender,
> > reject_non_fqdn_recipient,
> > permit_mynetworks,
> > permit_sasl_authenticated,
> > reject unauth_destination,
> > reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,
> > reject_invalid_hostname,
> > reject_non_fqdn_hostname,
>
> I don't see why you want to put even those two DNS checks before the two
> main permits and reject_unauth_destination - it is pointless, and
> results in unnecessary DNS queries *and* potential rejection of
> legitimate mail from badly configured servers/clients... but again, that
> is up to you...
>

You are right, sorry I forget those ones:

permit_mynetworks,
permit_sasl_authenticated,
reject unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_non_fqdn_hostname

Now it is right I hope.

> >> I think the last action should be reject, no? Otherwise,
> >> anyone who passes all other restrictions will be allowed?
>
> > permit is right if I put reject it means to reject all request even
> > if they are correct. Instead if the clients pass all the rejects then
> > they are good and I permit them.
>
> Oh, right - sorry... I keep mine restricted because I use an outsourced
> anti-spam service, so my last action is reject...
>

For anti spam I use postgrey.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]