Performance
Peter Russell
pete at enitech.com.au
Thu Feb 1 02:46:58 CET 2007
Glenn Steen wrote:
> On 31/01/07, Peter Russell <pete at enitech.com.au> wrote:
> (snip)
>> >> PostFix Configuration:
>> >> [root at mx1 ~]# postconf -n
>> >> canonical_maps = hash:/etc/postfix/canonical
>> >> config_directory = /etc/postfix
>> >> disable_vrfy_command = yes
>> >> hash_queue_names = ""
>> >> header_checks = regexp:/etc/postfix/header_checks
>> >> masquerade_exceptions = root
>> >> message_size_limit = 51200000
>> >> mydomain = schmerold.com
>> >> myhostname = mx1.schmerold.com
>> >> mynetworks = 127.0.0.0/8 65.16.251.208/29
>> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com
>> > Why is there no "companion" relay_recipient_maps? You should reject
>> > unknown recipients.
>> >
>> >> smtpd_data_restrictions = reject_unauth_pipelining, permit
>> >> smtpd_helo_required = yes
>> > Here you should perhaps have a
>> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access
>> > hash:/etc/postfix/deny_domain_spoof
>> > Where the deny_domain_spoof is simply an access file detailing the
>> > domains and IP addresses you relay for like "katy.com REJECT". Will be
>> > perfectly safe to use.
>>
>> Glenn - should he have REJECT for domains he relays for?
> Yes. The thinking here is to REJECT anyone pretending to be either
> your domain (your MX) or any of the "internal/trusted" IP addresses,
> unless they really are... The permit_mynetworks take care of not
> rejecting things that shouldn't be rejected:).
> As said, perfectly safe;-).
> This one rejects a few every day.
Sorry for the questions, but i am trying to stop some of the low scoring
spam i keep getting through - i am sure some tweaking will get it.
How do you check if these have blocked some spam? grep the maillog?
>
>> I am interested
>> in tweaking my postfix config myself. Any chance one fo the postfix
>> gurus like your self would post up your main.cf with some comments on
>> your anti spam settings?
> Will have to sanitise it a bit (don't want to spread any "secrets":-),
> but sure... It's really not that exciting reading... <snip> And sqeeze in a doctors
> appointment somewhere too):-).
>
That's cool - just figured some already tested and explained MTA set ups
would stop some of the easier spam. Appreciate any help you can offer.
No rush :)
More information about the MailScanner
mailing list