Roderick A. Anderson wrote:
> I'm implementing greylisting on CentOS 5 systems.
> These are spools for the actual mailserver/mailbox systems.
> Currently we have:
>
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining,

useless.

>     reject_non_fqdn_sender,
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     reject_unknown_sender_domain,
>     reject_unlisted_recipient,
>     permit_mynetworks,
>     reject_unauth_destination,
>     reject_invalid_hostname,
>     reject_non_fqdn_hostname,
>     reject_rbl_client zombie.dnsbl.sorbs.net,
>     reject_rbl_client cbl.abuseat.org,
>     permit
>
> All the install documents I've found say to put the check_policy_service
> after reject_unauth_destination but looking at this I wonder if it
> should go further down on the list. Possibly after
> reject_invalid_hostname or reject_non_fqdn_hostname.

if it returns "defer_if_permit", put it at last (after reject_rbl_client
...).
if it returns "defer", put it just before the first reject_rbl_client.
if in doubt, put it at last.

PS. when I say put it at last, I mean before the (useless) "permit".

> In fact how does the above listing look? It has been working for years
> but maybe there is a better order or some additional checks that could
> be done.

depends on what you want. the following is somewhat similar to your setup:

smtpd_recipient_restrictions =
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit_mynetworks
    #permit_sasl_authenticated
    reject_unauth_destination
    reject_unlisted_recipient
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_sender_domain
    reject_rbl_client zen.spamhaus.org
    #check_policy_service ...

the differences with your setup are left as an exercise ;-p

> But mostly I'm wondering where I should place the check_policy_service
> line.
>
> TIA,
> Rod
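
The placement question in this thread turns on how Postfix treats a "defer" result versus a "defer_if_permit" result while walking the restriction list. The following is an added example, not part of the thread and not Postfix code: a simplified model of that evaluation, with hypothetical helper names (`evaluate`, `greylist`, `build`) and constructed clients, that shows which checks are consulted for each placement.

```python
# Simplified model of how Postfix walks smtpd_recipient_restrictions
# (added illustration, not Postfix code). Each restriction yields one of:
#   DUNNO               - no opinion, continue with the next restriction
#   OK / REJECT / DEFER - final, evaluation stops here
#   DEFER_IF_PERMIT     - remembered; takes effect only if the list would
#                         otherwise end in an explicit or implicit permit
DUNNO, OK, REJECT, DEFER, DEFER_IF_PERMIT = (
    "DUNNO", "OK", "REJECT", "DEFER", "DEFER_IF_PERMIT")

def evaluate(restrictions, client):
    """Return (final_action, names_of_restrictions_consulted)."""
    pending_defer = False
    consulted = []
    for name, check in restrictions:
        consulted.append(name)
        result = check(client)
        if result == DEFER_IF_PERMIT:
            pending_defer = True
        elif result == OK:
            return (DEFER if pending_defer else OK), consulted
        elif result in (REJECT, DEFER):
            return result, consulted
    # Falling off the end of the list is an implicit permit.
    return (DEFER if pending_defer else OK), consulted

def rbl(client):
    # Stand-in for reject_rbl_client: reject listed clients, else no opinion.
    return REJECT if client["rbl_listed"] else DUNNO

def greylist(action):
    # Hypothetical policy service: unseen senders get `action`, known ones pass.
    return lambda client: DUNNO if client["seen_before"] else action

def build(policy_action, policy_last):
    """Restriction list with the policy service after or before the RBL check."""
    policy = ("check_policy_service", greylist(policy_action))
    dnsbl = ("reject_rbl_client", rbl)
    return [dnsbl, policy] if policy_last else [policy, dnsbl]

# Constructed clients: a first-contact host on a DNSBL, and a clean one.
LISTED_NEW = {"rbl_listed": True, "seen_before": False}
CLEAN_NEW = {"rbl_listed": False, "seen_before": False}
```

In this model a "defer" policy placed ahead of the DNSBL answers before the DNSBL is ever consulted, while a "defer_if_permit" policy placed last is never queried for clients that an earlier restriction already rejects.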