bob 001 wrote:
Hello All,
Couple questions. Appreciate your responses.
1. Is there any way to set anti spam settings just for incoming emails
to server? It is announce-only mailing list. So, not much worried
about outgoing stuff for now. We can change it later to check for
both ways if the reason arises so.
If the list manager server is part of mynetworks, no filtering
will be performed on outgoing list mail.
2. Here are settings I intent to use. Kindly suggest if you see any
risk to outgoing emails. We really don't want to try checking any
out-going emails.
Settings source :-
http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html
Outdated, but a good starting point.
==
disable_vrfy_command = yes
Rather useless since the attacker can get the same info using
RCPT, but OK if it makes you feel better.
smtpd_delay_reject = yes
"yes" is the default. Don't change it.
smtpd_helo_required = yes
OK, but rarely rejects anything.
smtpd_recipient_restrictions =
permit_sasl_authenticated,
You'll want to add here:
permit_mynetworks
reject_unauth_destination
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
OK.
reject_unknown_recipient_domain,
Remove this. The only possible effect here is to reject your
own domain if your DNS hiccups.
reject_rbl_client list.dsbl.org,
Dead list. Remove it.
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
The above two should be replaced by
reject_rbl_client zen.spamhaus.org
be sure to check spamhaus' web site for usage restrictions,
they are no longer free for everyone.
reject_rbl_client dul.dnsbl.sorbs.net,
OK.
permit
Default action, but doesn't hurt anything.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
These are default values.
-- Noel Jones
