better blocking at MTA level (off-topic)
Dhawal Doshy
dhawal at netmagicsolutions.com
Sat May 26 11:14:13 IST 2007
Koopmann, Jan-Peter wrote:
> On Saturday, May 26, 2007 10:40 AM Hugo van der Kooij wrote:
>
>> reject_invalid_hostname,
>> reject_non_fqdn_hostname,
>> reject_unknown_hostname
>> reject_non_fqdn_sender,
>> reject_unknown_sender_domain
>> reject_non_fqdn_recipient,
>> reject_unknown_recipient_domain,
>> reject_unauth_destination
>> check_policy_service unix:/var/spool/postfix/postgrey/socket
>
> I wish I could use all of those for strict testing. Unfortunatly too
> many legit senders of our clients are too stupid to setup their
> mail-servers correctly.
Run 2 instances of your MTA on different IPs.. one for incoming and the
other for outgoing.. the incoming can be strictly configured with the
above and you can be less strict on the outgoing as long as there is
smtp-auth
More information about the MailScanner
mailing list