[TriLUG] postfix spam blocking

Aaron Schrab aaron at schrab.com
Fri Dec 16 09:25:23 EST 2011


At 08:05 -0500 16 Dec 2011, David Black <dave at jamsoft.com> wrote:
>I experimented with client and recipient restrictions a while ago and 
>found the client restrictions sometimes blocked too early.  The 
>connecting MX didn't get enough of a chance to say much about who it 
>was and what it wanted, before being disconnected.  If the filters were 
>100% accurate it'd be different, but the free RBLs, for instance, 
>definitely aren't.
>
>Better to load up recipient restrictions with a nice set of filters, 
>able to act on all the info gathered after the HELO.   The author of 
>this page seems to agree:  
>http://www.akadia.com/services/postfix_uce.html


I largely agree, but for a different reason.  If you want to gather 
additional information about connections that will be rejected by 
client, helo, or sender restrictions there's the smtpd_delay_reject 
option that will cause postfix to delay actually checking any of those 
until it receives the recipient info.  And it looks like that option is 
set by default.

The reason I'd largely recommend putting pretty much everything into 
smtpd_recipient_restrictions is that it simplifies things.  This way 
there's no need to try to work out how the different restriction options 
interact with each other.



More information about the TriLUG mailing list