[TriLUG] postfix spam blocking
Aaron Schrab
aaron at schrab.com
Fri Dec 16 09:25:23 EST 2011
At 08:05 -0500 16 Dec 2011, David Black <dave at jamsoft.com> wrote:
>I experimented with client and recipient restrictions a while ago and
>found the client restrictions sometimes blocked too early. The
>connecting MX didn't get enough of a chance to say much about who it
>was and what it wanted, before being disconnected. If the filters were
>100% accurate it'd be different, but the free RBLs, for instance,
>definitely aren't.
>
>Better to load up recipient restrictions with a nice set of filters,
>able to act on all the info gathered after the HELO. The author of
>this page seems to agree:
>http://www.akadia.com/services/postfix_uce.html
I largely agree, but for a different reason. If you want to gather
additional information about connections that will be rejected by
client, helo, or sender restrictions there's the smtpd_delay_reject
option that will cause postfix to delay actually checking any of those
until it receives the recipient info. And it looks like that option is
set by default.
The reason I'd largely recommend putting pretty much everything into
smtpd_recipient_restrictions is that it simplifies things. This way
there's no need to try to work out how the different restriction options
interact with each other.
More information about the TriLUG
mailing list