better blocking at MTA level (off-topic)

Dhawal Doshy dhawal at netmagicsolutions.com
Sat May 26 11:14:13 IST 2007


Koopmann, Jan-Peter wrote:
> On Saturday, May 26, 2007 10:40 AM Hugo van der Kooij wrote: 
> 
>>          reject_invalid_hostname,
>>          reject_non_fqdn_hostname,
>>          reject_unknown_hostname
>>          reject_non_fqdn_sender,
>>          reject_unknown_sender_domain
>>          reject_non_fqdn_recipient,
>>          reject_unknown_recipient_domain,
>>          reject_unauth_destination
>>          check_policy_service unix:/var/spool/postfix/postgrey/socket
> 
> I wish I could use all of those for strict testing. Unfortunatly too
> many legit senders of our clients are too stupid to setup their
> mail-servers correctly.

Run 2 instances of your MTA on different IPs.. one for incoming and the 
other for outgoing.. the incoming can be strictly configured with the 
above and you can be less strict on the outgoing as long as there is 
smtp-auth


More information about the MailScanner mailing list