Thank you for the response.
After some more thoughts being an announce only list, how about
something like this..
1. Only specific email addresses are allowed to send email to announce-list.
E.g.-> only a...@gmail.com , b...@hotmail.com and c...@ymail.com can send
email to mail ids on our server)
2. Only specific email addresses can receive the email(s) from outside server.
E.g-> (only list-subscribe, list-unsubscribe, list-request can
receive email from *anyone*)
Is there a way to configure above two independent scenarios in single
instance of postfix? Is so, you mind sharing the exact steps? That
would serve the purpose too.
Sorry, above questions are rather spontaneous and haven't done much
research. Hope, this appears to be really interesting question. If
this works out, all announce-only lists people can use it w/o any need
of maintaining very complex (and sometime to be paid for blacklists).
- TIA
Bob.
On Fri, May 8, 2009 at 3:19 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> bob 001 wrote:
>>
>> Hello All,
>> Couple questions. Appreciate your responses.
>>
>> 1. Is there any way to set anti spam settings just for incoming emails
>> to server? It is announce-only mailing list. So, not much worried
>> about outgoing stuff for now. We can change it later to check for
>> both ways if the reason arises so.
>
> If the list manager server is part of mynetworks, no filtering will be
> performed on outgoing list mail.
>
>> 2. Here are settings I intent to use. Kindly suggest if you see any
>> risk to outgoing emails. We really don't want to try checking any
>> out-going emails.
>>
>> Settings source :-
>>
>> http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html
>
> Outdated, but a good starting point.
>
>>
>> ==
>> disable_vrfy_command = yes
>
> Rather useless since the attacker can get the same info using RCPT, but OK
> if it makes you feel better.
>
>> smtpd_delay_reject = yes
>
> "yes" is the default. Don't change it.
>
>> smtpd_helo_required = yes
>
> OK, but rarely rejects anything.
>
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated,
>
> You'll want to add here:
> permit_mynetworks
> reject_unauth_destination
>
>> reject_invalid_hostname,
>> reject_non_fqdn_hostname,
>> reject_non_fqdn_sender,
>> reject_non_fqdn_recipient,
>> reject_unknown_sender_domain,
>
> OK.
>
>> reject_unknown_recipient_domain,
>
> Remove this. The only possible effect here is to reject your own domain if
> your DNS hiccups.
>
>> reject_rbl_client list.dsbl.org,
>
> Dead list. Remove it.
>
>> reject_rbl_client sbl.spamhaus.org,
>> reject_rbl_client cbl.abuseat.org,
>
> The above two should be replaced by
> reject_rbl_client zen.spamhaus.org
> be sure to check spamhaus' web site for usage restrictions, they are no
> longer free for everyone.
>
>> reject_rbl_client dul.dnsbl.sorbs.net,
>
> OK.
>
>> permit
>
> Default action, but doesn't hurt anything.
>
>> smtpd_error_sleep_time = 1s
>> smtpd_soft_error_limit = 10
>> smtpd_hard_error_limit = 20
>
> These are default values.
>
> -- Noel Jones
>
