Jason Voorhees wrote:
Hi friends:
I'm sorry but my english isn't good yet.
I'm running Postfix with some smtpd restrictions like these:
smtpd_delay_reject = no
smtpd_client_restrictions =
permit_mynetworks,
sleep 25,
permit_sasl_authenticated
This is very unfriendly. You're penalizing the entire
internet (and your own remote authenticated users) because of
a few bad actors.
Greylisting is a far better and far more effective choice. I
suggest you abandon this method and implement greylisting.
http://www.postfix.org/addon.html#policy
If you insist on using the "sleep" feature, the proper way is
like this:
smtpd_client_restrictions =
permit_mynetworks
permit_sasl_authenticated
sleep 2
reject_unauth_pipelining
Using sleep values greater than 5 will likely offer little
benefit at the expense of every legit client.
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
among others UCE settings.
This setting works fine because stop spammers with delay greeting. So,
people behind 'mynetworks' can send e-mail without problems and without
delays.
But other people that aren't in 'mynetworks' (i.e: some user at his
laptop on Internet) can't send e-mail trough Outlook Express or MS Outlook.
He gets the following error:
504 5.5.2 <angelxp>:Helo command rejected: need fully-qualified
hostname; proto=SMTP helo=<angelxp>
Your error report is inconsistent with your presented
evidence. If you need more help, show "postconf -n" output
and complete postfix log entries showing the problem.
http://www.postfix.org/DEBUG_README.html#mail
--
Noel Jones
