[TriLUG] Open Mail Relay - What Happened?
Alan Porter porter at trilug.org
Thu Jun 28 09:46:00 EDT 2007

Hi Randy,

You need to set up some restrictions for who can connect, who can send,
who can receive. These are done using the "smtpd_XXXXX_restrictions"
options. Mine are below. Obviously, some bits are a work in progress,
but this should point you in the right direction.

Alan

smtpd_helo_restrictions =
    permit_sasl_authenticated,
    # permit_mynetworks is required for SquirrelMail to work
    permit_mynetworks,
    check_helo_access mysql:/etc/postfix/mysql_blacklist_helo.cf,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit

# check sender address (see http://www.freesoftwaremagazine.com/articles/focus_spam_postfix)
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    # check to see if they claim to be ME
    ##warn_if_reject check_sender_mx_access
    # new 2006-11-12
    check_sender_access mysql:/etc/postfix/mysql_blacklist_sender.cf,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/mysql_blacklist_recipient.cf,
    # not implemented yet - I am not dealing with secondaries yet
    #check_helo_access mysql:/etc/postfix/mysql_secondary_mx.cf,
    ## NO LONGER WORKING -> reject_rbl_client relays.ordb.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    # 'spfpolicy' is defined in master.cf, points to a perl script in /usr/local/lib/postfix
    #check_policy_service unix:private/spfpolicy
    # Postgrey is on port 60000
    check_policy_service inet:127.0.0.1:60000,
    permit

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
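
An added example, not part of the message above and not Postfix's own code: a small Python audit that reads main.cf text laid out like the posted snippet and reports whether anything in smtpd_recipient_restrictions can accept mail from an untrusted client before reject_unauth_destination is evaluated. The verdict names, the sample configurations and the set of permit_* restrictions treated as trusted are assumptions made for the example; it also assumes relay control lives in smtpd_recipient_restrictions, as in the posted configuration.

```python
import re

# Restrictions that consume the following token as their argument.
TAKES_ARG = re.compile(r"^(check_\w+|reject_rbl_client|reject_rhsbl_\w+)$")
TRUSTED = {"permit_sasl_authenticated", "permit_mynetworks", "permit_auth_destination"}
RELAY_STOP = {"reject_unauth_destination", "reject", "defer", "defer_if_permit"}

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue, '#' lines are skipped."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    # A later definition of the same parameter overrides an earlier one.
    return {k.strip(): v.strip() for k, _, v in (l.partition("=") for l in logical)}

def relay_audit(text, name="smtpd_recipient_restrictions"):
    """Walk the list in order (warn_if_reject is not modelled); return (verdict, deciding item)."""
    value = parse_main_cf(text).get(name)
    if value is None:
        return ("unset", None)        # parameter absent: the built-in default applies
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 2 if TAKES_ARG.match(tok) else 1
        if tok in RELAY_STOP:
            return ("closed", tok)
        if tok == "permit":
            return ("open", tok)
        if tok.startswith(("check_", "permit_")) and tok not in TRUSTED:
            return ("review", tok)    # may answer OK before the relay check runs
    return ("open", None)             # list ended without a relay check

# Constructed samples; POSTED follows the ordering of the posted recipient list (shortened).
POSTED = """smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
# comment lines inside a value are ignored
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:60000,
    permit
"""
TABLE_FIRST = "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/ok, reject_unauth_destination\n"
NO_CHECK = "smtpd_recipient_restrictions = permit_mynetworks, reject_rbl_client rbl.example.org, permit\n"

if __name__ == "__main__":
    print([relay_audit(c) for c in (POSTED, TABLE_FIRST, NO_CHECK)])
```

A "review" verdict means a lookup table or policy service is consulted before the relay check, so its contents decide whether the server relays.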