On Tue, Mar 10, 2009 at 02:28:00PM -0600, LuKreme wrote:

> On 10-Mar-2009, at 09:59, Linux Addict wrote:
>> smtpd_recipient_restrictions =
>> reject_non_fqdn_sender,
>> reject_non_fqdn_recipient,
>> reject_unknown_sender_domain,
>> reject_unknown_recipient_domain,
>
> I have reject_invalid_hostname here as well (before permit_mynetworks)

This is unwise, SASL authenticated MUAs can easily have bogus HELO names.

>> permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_unauth_destination,
>> reject_unlisted_recipient,
>
> I have reject_unlisted_sender instead, followed by:

It is reasonable to reject unknown recipients early, this is a cheap check,
and your spam stats are much more accurate when you only count mail to
real recipients.

>
>> reject_unknown_reverse_client_hostname
>
> You might want reject_unknown_client_hostname instead.

No, too aggressive.

>> reject_rbl_client zen.spamhaus.org,
>> reject_rbl_client bl.spamcop.net,
>
> I would be very very careful about using spamcop if you are accepting mail 
> for others.

>From all reports, it is pretty safe these days.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Reply via email to