[PLUG] email over the Internet...
plug_0 at robinson-west.com
Sat Oct 7 04:34:26 UTC 2006
Working with a seller on eBay, he said I bounced 2 of his emails to me.
I greylist, what else can I do to avoid having to content filter the
junk any random zombie on the Net tries to throw at me?
According to postconf mail_version:
mail_version = 2.1.1
I use postfix on a mail relay, my main.cf follows with comments embedded:
queue_directory = /var/spool/relay_spool
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
canonical_maps=hash:/etc/postfix/canonical
mydomain=robinson-west.com
myorigin=$mydomain
inet_interfaces = 209.210.202.170, 127.0.0.1
mydestination=
local_recipient_maps=
local_transport= error:local delivery is disabled
virtual_alias_maps=hash:/etc/postfix/virtual
mynetworks=127.0.0.0/8, 209.210.202.168/29
relay_domains = $mydomain, goose.$mydomain
parent_domain_matches_subdomains =
    debug_peer_list smtpd_access_maps
relay_recipient_maps=hash:/etc/postfix/relay_recipients
transport_maps=hash:/etc/postfix/transport
in_flow_delay = 1s
smtpd_banner = $myhostname ESMTP $mail_name
# What should smtpd_banner be and why does postfix allow flexibility here?
# What is in_flow_delay for and what should it be set to?
smtpd_delay_reject = yes
smtpd_helo_required=yes
disable_vrfy_command=yes
smtpd_reject_unlisted_sender=yes
# I don't understand smtpd_delay_reject, help.
# Why does postfix need smtpd_helo_required? Isn't this standard behavior for
# the (e)smtp protocol? What does smtp_helo_required do and will the helo
# address ever be used in a standard way?
# I don't understand what verify is about at all.
# I am assuming the smtpd_reject_unlisted_sender is for the greylisting, spf,
# and blacklisting rules that follow as a sort of default policy.
smtpd_helo_restrictions= check_helo_access hash:/etc/postfix/access,
    check_helo_access hash:/etc/postfix/invalid_helo,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    permit_mynetworks
# Again, is any standard followed on the Internet for the helo address? The
# above rules are recommended in a lot of postfix documentation, but these
# rules appear to be for a standard that isn't adhered to. The invalid_helo
# file is just a way to prevent mail coming in on my server that claims to be
# from the server itself. Is a requirement that a fully qualified domain
# name match the helo string not adhered to? How about the unknown hostname
# and invalid hostname rules, are they RFC and standard practices compatible?
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/whitelist,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_unlisted_recipient,
    check_policy_service unix:private/policy-greylist,
    reject_rbl_client dnsbl.ahbl.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client hil.habeas.com,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rhsbl_sender bogusmx.rfc-ignorant.com,
    reject_rhsbl_sender bulk.rhs.mailpolice.com,
    reject_rhsbl_sender porn.rhs.mailpolice.com,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rhsbl_sender postmaster.rfc-ignorant.org,
    reject_rhsbl_sender abuse.rfc-ignorant.org,
    reject_rhsbl_sender whois.rfc-ignorant.org,
    permit
# In this section, I created a whitelist of email source addresses
# that I want to short circuit the greylist and SPF checks for because
# letting email in from certain legit sources is more important than
# blocking someone trying to spoof those sources. The rfc-ignorant
# lines have been a problem at times. A lot of sites seem to
# have abandoned: postmaster, abuse, and whois. Another question, is
# every legit email server on the Internet going to be fully qualified
# so that I can get past reject_non_fqdn_sender, etc.?
#
# With the inability to control your own PTR zone if you have a subnet
# and a shortage of IP blocks, reverse lookups on a hostname can fail
# to match a hostname. Worse, not everyone is in whois. PTR records
# should be 1 to many mappings and PTR zones should be able to cover
# subnets of any size in my opinion. The maximum number of names that
# can be mapped to an IP address should be rigidly defined. Why when
# DNS was set up were PTR zones not supported in the same fashion that
# forward zones are? Why can I point forward lookups but not reverse
# lookups to my own subnet for a domain I control?
policy_time_limit = 60
# Is this how long I greylist for???
smtpd_sender_restrictions = reject_unknown_sender_domain
# What part of the mail header does the following deal with?
smtpd_client_restrictions = reject_unauth_pipelining,
    permit_mynetworks
# What is pipelining???
smtpd_restriction_classes = local_only
local_only =
    check_recipient_access hash:/etc/postfix/local_domains, reject
# Do the latter rules mean that only local sources can send email or do
# they mean that only local sources can receive email via my server???
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-1.1.7/samples
readme_directory = /etc/postfix/README_FILES
# Does postfix actually use these paths which hopefully aren't compiled in???
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
defer_code = 450
invalid_hostname_reject_code = 501
maps_rbl_reject_code = 554
non_fqdn_reject_code = 504
reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
multi_recipient_bounce_reject_code = 550
# Aren't the latter smtp code definitions part of the (e)smtp definition?
# Why does postfix let me set them??? What should they be set to???
html_directory = no
# Uhm, what does html have to do with postfix???
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
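
Added example, not part of the original post: a simplified Python model of how Postfix walks smtpd_recipient_restrictions, where the first result other than DUNNO decides, using the mynetworks and relay_domains values from the main.cf above. It shows that an OK from the sender whitelist placed ahead of reject_unauth_destination also settles the relay decision, while the same whitelist placed after reject_unauth_destination still skips greylisting for mail to the relay domains. The whitelist entry, the greylist stand-in, the sample addresses and all function names are assumptions.

```python
import ipaddress

# mynetworks and relay_domains as set in the posted main.cf
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "209.210.202.168/29")]
RELAY_DOMAINS = {"robinson-west.com", "goose.robinson-west.com"}
# Constructed entry: the real /etc/postfix/whitelist is not shown in the post
WHITELIST = {"seller@example.com": "OK"}

def check_sender_whitelist(client, sender, rcpt):
    # Access map lookup: OK on a match, DUNNO (no opinion) otherwise
    return WHITELIST.get(sender.lower(), "DUNNO")

def permit_mynetworks(client, sender, rcpt):
    ip = ipaddress.ip_address(client)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(client, sender, rcpt):
    # Exact match only: relay_domains is absent from the posted
    # parent_domain_matches_subdomains, so subdomains do not match
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in RELAY_DOMAINS else "REJECT"

def greylist_policy(client, sender, rcpt):
    # Stand-in for the policy service: treats every triplet as first contact
    return "DEFER"

def evaluate(restrictions, client, sender, rcpt):
    """Return (verdict, deciding restriction); the first non-DUNNO result wins."""
    for restriction in restrictions:
        verdict = restriction(client, sender, rcpt)
        if verdict != "DUNNO":
            return verdict, restriction.__name__
    return "OK", "permit"  # the posted list ends with an explicit permit

# Order as posted: whitelist is consulted before the relay check
AS_POSTED = [check_sender_whitelist, permit_mynetworks,
             reject_unauth_destination, greylist_policy]
# Relay check first, whitelist next: still skips greylisting for inbound mail
REORDERED = [permit_mynetworks, reject_unauth_destination,
             check_sender_whitelist, greylist_policy]

if __name__ == "__main__":
    outside = ("192.0.2.10", "seller@example.com", "someone@example.net")
    inbound = ("192.0.2.10", "seller@example.com", "plug_0@robinson-west.com")
    for name, order in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "outside rcpt:", evaluate(order, *outside))
        print(name, "inbound rcpt:", evaluate(order, *inbound))
```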