Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Darren Pilgrim (postfixbitfreak.org)
Date: Thu Dec 18 2008 - 21:01:01 CST
King Spook wrote:
> I'm getting hit pretty hard with spam, and was hoping to reduce it a
> bit by adding the following smtpd restrictions:
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
> smtpd_sender_restrictions = reject_non_fdqn_sender
> Is that safe to do?
Yes! Depending on the day, anywhere from a third to half of messages
rejected in-session by my servers are due to those two restrictions
alone. In two years, I've yet to see a false positive. Just don't use
reject_unknown_helo_hostname (way too many false positives).
Caveat: Many MUAs use non-FQDN hostnames or worse. You get around this
problem by putting them in smtpd_recipient_restrictions, after
permit_mynetworks and permit_sasl_authenticated:
You should almost always keep all your restrictions in
smtpd_recipient_restrictions. It avoids evaluation-order headaches.