Thanks for your replies. Actually I'm already using greylisting, but I can see how delay greeting reduces an extra bit the amount of spam received.
I work at a Consulting company with offer support and manteinance services to other companies so I cannot monitor all day postfix servers of all my customers. I can't know the pattern of clients connecting from dynamic IP addresses to authenticate via SMTP. There are also a lot of spam coming from hosts with FQDN and PTR records, so enabling delay greeting only to 'unknown' clients is not so useful for me :( I know that all your replies are valid alternatives but I just wanted to know if this Outlook's behavior against smtpd_delay_reject has a solution while keeping my settings as they are. Thanks Noel Jones escribió: > Jason Voorhees wrote: >> Hi friends: >> >> I'm sorry but my english isn't good yet. >> >> I'm running Postfix with some smtpd restrictions like these: >> >> >> smtpd_delay_reject = no >> >> smtpd_client_restrictions = >> permit_mynetworks, >> sleep 25, >> permit_sasl_authenticated > > This is very unfriendly. You're penalizing the entire internet (and > your own remote authenticated users) because of a few bad actors. > > Greylisting is a far better and far more effective choice. I suggest > you abandon this method and implement greylisting. > http://www.postfix.org/addon.html#policy > > If you insist on using the "sleep" feature, the proper way is like this: > > smtpd_client_restrictions = > permit_mynetworks > permit_sasl_authenticated > sleep 2 > reject_unauth_pipelining > > Using sleep values greater than 5 will likely offer little benefit at > the expense of every legit client. > >> >> smtpd_helo_restrictions = >> permit_mynetworks, >> permit_sasl_authenticated, >> reject_non_fqdn_hostname, >> reject_invalid_hostname, >> >> >> among others UCE settings. >> This setting works fine because stop spammers with delay greeting. So, >> people behind 'mynetworks' can send e-mail without problems and without >> delays. >> >> But other people that aren't in 'mynetworks' (i.e: some user at his >> laptop on Internet) can't send e-mail trough Outlook Express or MS >> Outlook. >> He gets the following error: >> >> >> 504 5.5.2 <angelxp>:Helo command rejected: need fully-qualified >> hostname; proto=SMTP helo=<angelxp> > > Your error report is inconsistent with your presented evidence. If you > need more help, show "postconf -n" output and complete postfix log > entries showing the problem. > http://www.postfix.org/DEBUG_README.html#mail > >
