Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Mauro Sanna (mauro.sannacomune.cagliari.it)
Date: Wed Apr 23 2008 - 09:31:06 CDT
> On 4/23/2008, Mauro Sanna (mauro.sannacomune.cagliari.it) wrote:
> > I've changed - now it is:
> > reject_non_fqdn_sender,
> > reject_non_fqdn_recipient,
> > permit_mynetworks,
> > permit_sasl_authenticated,
> > reject unauth_destination,
> > reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,
> > reject_invalid_hostname,
> > reject_non_fqdn_hostname,
> I don't see why you want to put even those two DNS checks before the two
> main permits and reject_unauth_destination - it is pointless, and
> results in unnecessary DNS queries *and* potential rejection of
> legitimate mail from badly configured servers/clients... but again, that
> is up to you...
You are right, sorry I forget those ones:
Now it is right I hope.
> >> I think the last action should be reject, no? Otherwise,
> >> anyone who passes all other restrictions will be allowed?
> > permit is right if I put reject it means to reject all request even
> > if they are correct. Instead if the clients pass all the rejects then
> > they are good and I permit them.
> Oh, right - sorry... I keep mine restricted because I use an outsourced
> anti-spam service, so my last action is reject...
For anti spam I use postgrey.