Performance

Glenn Steen glenn.steen at gmail.com
Fri Feb 2 02:14:04 CET 2007


On 02/02/07, Peter Russell <pete at enitech.com.au> wrote:
>
>
> Glenn Steen wrote:
> > On 01/02/07, Peter Russell <pete at enitech.com.au> wrote:
> >>
> >>
> >> Glenn Steen wrote:
> >> > On 31/01/07, Peter Russell <pete at enitech.com.au> wrote:
> > (snip even more)
> >> >> >> relay_domains = katy.com katy.net katycomputer.com  schmerold.com
> >> >> > Why is there no "companion" relay_recipient_maps? You should reject
> >> >> > unknown recipients.
> >> >> >
> >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit
> >> >> >> smtpd_helo_required = yes
> >> >> > Here you should perhaps have a
> >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> >> >> > hash:/etc/postfix/deny_domain_spoof
> >> >> > Where the deny_domain_spoof is simply an access file detailing the
> >> >> > domains and IP addresses you relay for like "katy.com REJECT". Will be
> >> >> > perfectly safe to use.
> >> >>
> >> >> Glenn - should he have REJECT for domains he relays for?
> >> > Yes. The thinking here is to REJECT anyone pretending to be either
> >> > your domain (your MX) or any of the "internal/trusted" IP addresses,
> >> > unless they really are... The permit_mynetworks take care of not
> >> > rejecting things that shouldn't be rejected:).
> >> > As said, perfectly safe;-).
> >> > This one rejects a few every day.
>
> Thanks Glenn, I implemented the changes you suggested and now I get
> legitimate hosts being blocked.
Um, and you're thanking me for this?-):-)... If the hosts being blocked
should be in your mynetworks, but aren't, that would indeed reject
messages from those machines. But other than that.... Nah, show me
some logs:-).

> postfix/smtpd[10874]: warning: 203.35.216.230: hostname
> gateway.davidjones.com.au verification failed: Name or service not known
This isn't a reject, merely a verification warning. You shouldn't be
losing any mails by this.
As you can gather, I'm not quite convinced you are missing out on
anything relevant/having a real problem here. In this particular
case, you can check it yourself... the reverse lookup leads to
gateway.davidjones.com.au, and the forward lookup for that leads...
nowhere. And that is all that log entry is about. If it bothers you
and they are a business contact, go ahead and tell them to fix that
leftover PTR (which is likely what it might be:).
Look for the NOQUEUE lines in the log. Do these correspond with any
reported (by people:-) errors?

> I will leave off making any more MTA changes until one of the clever
> cloggs can post up some tips...
Um, English parser breakdown... Isn't a clogg a sort of wooden shoe?
And a clever clogg is then an intelligent footwear? Sort of an AI for
pedestrian appliances?:-)

> Thanks
> Pete

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
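
The log triage suggested in this message (read the NOQUEUE reject lines, not the hostname verification warnings), sketched in Python as an added example that is not part of the original post. The warning line is the one quoted in the thread; the NOQUEUE lines, addresses and function names are constructed for illustration.

```python
import re

# Sample log: the warning is the line quoted in the thread; the NOQUEUE
# lines are constructed (documentation IP ranges, example.org).
SAMPLE_LOG = """\
Feb  2 01:10:01 mx postfix/smtpd[10874]: warning: 203.35.216.230: hostname gateway.davidjones.com.au verification failed: Name or service not known
Feb  2 01:10:02 mx postfix/smtpd[10874]: connect from unknown[203.35.216.230]
Feb  2 01:11:15 mx postfix/smtpd[10901]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <katy.com>: Helo command rejected: Access denied; from=<a@example.org> to=<bob@katy.com> proto=SMTP helo=<katy.com>
Feb  2 01:12:40 mx postfix/smtpd[10910]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <nobody@katy.com>: Recipient address rejected: User unknown in relay recipient table; from=<c@example.org> to=<nobody@katy.com> proto=ESMTP helo=<mail.example.org>
"""

# A real rejection: Postfix refused the mail before queueing it.
REJECT = re.compile(
    r"NOQUEUE: reject: (?P<stage>\S+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3})(?: \d\.\d+\.\d+)? <[^>]*>: (?P<reason>[^;]+);"
    r".*?helo=<(?P<helo>[^>]*)>")
# Only a warning: PTR name did not resolve back; the mail is not refused.
WARNING = re.compile(
    r"warning: (?P<ip>\S+): hostname (?P<host>\S+) verification failed")

def triage(log_text):
    """Split smtpd log lines into actual rejects and lookup warnings."""
    rejects, warnings = [], []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rejects.append(m.groupdict())
            continue
        m = WARNING.search(line)
        if m:
            warnings.append(m.groupdict())
    return rejects, warnings

def warned_but_not_rejected(rejects, warnings):
    """Clients that only triggered a DNS warning and were never rejected."""
    rejected_ips = {r["ip"] for r in rejects}
    return [w["ip"] for w in warnings if w["ip"] not in rejected_ips]

if __name__ == "__main__":
    rejects, warnings = triage(SAMPLE_LOG)
    for r in rejects:
        print(f'{r["ip"]} helo={r["helo"]} {r["code"]} {r["reason"]}')
    print("warning only, no reject:", warned_but_not_rejected(rejects, warnings))
```

Matching the reject list against the hosts users actually report as blocked shows whether the HELO check or the recipient check is responsible.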

