LuKreme wrote:
> On 4-Apr-2009, at 16:02, Noel Jones wrote:
>> Best in smtpd_data_restrictions so you don't reject sourceforge and
>> others sender verification probes.
>
> Is there anything I need to be concerned about having/not having in
> smtpd_data_restrictions? It is currently commented out. If I simply put:
>
> smtpd_data_restrictions =
>     reject_unauth_pipelining,
>     reject_rbl_client ips.backscatterer.org,
>     reject_rbl_client bl.spamcannibal.org
>     permit
>
The RBL checks you added will reject legitimate mail. As already suggested, use a check_sender_access map to call these RBLs only when the sender is "null".

> is that good enough? (the pipelining was there before in the commented
> out declaration along with the permit). I am sad to say I am still a
> little unclear about how the various smtpd_mumble_restrictions work
> together.
>

In the default setup (smtpd_delay_reject=yes):
- smtpd_client_restrictions, smtpd_helo_restrictions, smtpd_sender_restrictions and smtpd_recipient_restrictions are done after each RCPT TO command.
- smtpd_data_restrictions is done after the DATA command.

An SMTP transaction goes like this (I am only showing client commands):

    EHLO host.example.net
    MAIL FROM:<sen...@example.com>
    RCPT TO:<rc...@example.org>
    RCPT TO:<rc...@example.org>
    RCPT TO:<rc...@example.org>
    ...
    DATA
    ...
    QUIT

>
> Well, I am hoping spf helps a bit. I'd left off the ~all on some
> domain's configuration and I've noticed a lot of this backscatter has

AFAIK, there is no evidence that SPF helps at all. There was some debate on this on the spamassassin and (if my memory can be trusted) on the amavisd-new lists. What I can tell is that I have no SPF records, and while the server gets a lot of spam, backscatter happens (relatively) rarely (yes, it happens as huge storms, but the overall frequency is very low).

> [snip]
> Oh, those look like a good idea in general, backscatter or not. At least
> in the header_checks. I am leery of running body_checks as it seems
> those would be expensive.
>

If you only put a few checks, it's OK.

>> If you're using SpamAssassin, the VBOUNCE rules are helpful.
>
>
> Yeah, but SA is run after reception. I'd rather reject backscatter than
> discard it, if possible.
>

Sure, but you can't reject all backscatter. So you need a way to at least deliver the missed ones to a specific location... etc.
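
The advice in this message, worked out as a Postfix configuration: the RBL lookup is reached only through a check_sender_access map keyed on the null sender, and it runs at DATA time. This is an added example, not configuration posted in the thread; the class name `null_sender_rbl` and the map path `/etc/postfix/null_sender_access` are assumptions, and only ips.backscatterer.org from the quoted settings is used.

```conf
# --- Before (as proposed in the quoted question) ---------------------------
# Every client is checked against the RBL, whatever the envelope sender is,
# so ordinary mail from a listed host is rejected too.
#
# smtpd_data_restrictions =
#     reject_unauth_pipelining,
#     reject_rbl_client ips.backscatterer.org,
#     permit

# --- After: /etc/postfix/main.cf --------------------------------------------
# A restriction class that holds the RBL lookup (class name is an assumption).
smtpd_restriction_classes = null_sender_rbl
null_sender_rbl =
    reject_rbl_client ips.backscatterer.org

# Evaluated after the DATA command. Sender verification probes end the
# session after RCPT TO, so they never reach this check.
smtpd_data_restrictions =
    reject_unauth_pipelining,
    check_sender_access hash:/etc/postfix/null_sender_access,
    permit

# --- /etc/postfix/null_sender_access (path is an assumption) ---------------
# "<>" is the default value of smtpd_null_access_lookup_key, i.e. the key
# Postfix looks up when the envelope sender is MAIL FROM:<>.
# Any other sender has no entry here, so the RBL is not consulted for it.
<>    null_sender_rbl

# After editing the map, rebuild it and reload Postfix:
#   postmap /etc/postfix/null_sender_access
#   postfix reload
```

Further RBLs can be appended to the `null_sender_rbl` class; they are still consulted only for null-sender mail.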