King Spook wrote:
> I'm getting hit pretty hard with spam, and was hoping to reduce it a
> bit by adding the following smtpd restrictions:
>
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
>     reject_non_fqdn_helo_hostname
> smtpd_sender_restrictions = reject_non_fqdn_sender
>
> Is that safe to do?

Yes! Depending on the day, anywhere from a third to half of messages
rejected in-session by my servers are due to those two restrictions
alone. In two years, I've yet to see a false positive. Just don't use
reject_unknown_helo_hostname (way too many false positives).
Caveat: Many MUAs use non-FQDN hostnames or worse. You get around this
problem by putting them in smtpd_recipient_restrictions, after
permit_mynetworks and permit_sasl_authenticated:

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_sender,
    reject_unlisted_sender,
    reject_unlisted_recipient

You should almost always keep all your restrictions in
smtpd_recipient_restrictions. It avoids evaluation-order headaches.
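
A simplified model of the ordering described in the reply above, added here as an illustration (not code from the thread or from Postfix): it shows why an authenticated mail client with a non-FQDN HELO name is accepted when the permits come first, and rejected when the HELO checks run before them. The session fields, sample values and hostname checks are assumptions of this model, and reject_unlisted_sender and reject_unlisted_recipient are left out.

```python
import re

# Simplified model of first-match evaluation of a Postfix restriction list.
# Not Postfix code: session fields and all sample values are constructed.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

def valid_hostname(name):
    if name.startswith("[") and name.endswith("]"):   # address literal
        return True
    return all(LABEL.match(label) for label in name.rstrip(".").split("."))

def is_fqdn(name):
    return valid_hostname(name) and (name.startswith("[") or "." in name.rstrip("."))

def sender_ok(addr):
    # The null sender passes in this model; otherwise the domain must be an FQDN.
    return addr == "" or is_fqdn(addr.rpartition("@")[2])

# Each check returns "PERMIT", "REJECT", or None (no decision, keep going).
CHECKS = {
    "permit_mynetworks": lambda s: "PERMIT" if s["in_mynetworks"] else None,
    "permit_sasl_authenticated": lambda s: "PERMIT" if s["sasl_auth"] else None,
    "reject_unauth_destination": lambda s: None if s["rcpt_is_ours"] else "REJECT",
    "reject_invalid_helo_hostname": lambda s: None if valid_hostname(s["helo"]) else "REJECT",
    "reject_non_fqdn_helo_hostname": lambda s: None if is_fqdn(s["helo"]) else "REJECT",
    "reject_non_fqdn_sender": lambda s: None if sender_ok(s["sender"]) else "REJECT",
}

def evaluate(order, session):
    """Return (verdict, deciding_restriction); the first decision ends the list."""
    for name in order:
        verdict = CHECKS[name](session)
        if verdict:
            return verdict, name
    return "DUNNO", None

PERMITS = ["permit_mynetworks", "permit_sasl_authenticated", "reject_unauth_destination"]
HELO_SENDER = ["reject_invalid_helo_hostname", "reject_non_fqdn_helo_hostname",
               "reject_non_fqdn_sender"]
REPLY_ORDER = PERMITS + HELO_SENDER   # order recommended in the reply
CHECKS_FIRST = HELO_SENDER + PERMITS  # HELO/sender checks run before the permits
# Constructed sessions: an authenticated mail client and an unauthenticated remote host.
MUA = {"helo": "laptop", "sender": "alice@example.com",
       "in_mynetworks": False, "sasl_auth": True, "rcpt_is_ours": False}
REMOTE = {"helo": "user-pc", "sender": "x@example.net",
          "in_mynetworks": False, "sasl_auth": False, "rcpt_is_ours": True}

for label, order in (("reply order", REPLY_ORDER), ("checks first", CHECKS_FIRST)):
    for who, sess in (("MUA", MUA), ("remote", REMOTE)):
        print(f"{label:12} {who:6} {evaluate(order, sess)}")
```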