On 10-05-26 06:27 PM, LuKreme wrote:
On 26-May-2010, at 14:12, brian wrote:
I'll give all that a try. Does this order seem alright?
No, not really.
smtpd_recipient_restrictions = permit_mynetworks,
reject_unlisted_recipient, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_recipient,
reject_non_fqdn_sender, reject_unauth_destination,
reject_unknown_recipient_domain, reject_unauth_pipelining
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_invalid_hostname, permit_mynetworks, [ … rest of restrictions
] reject_rbl_client zen.spamhaus.org permit
Even if someone is in your network, there is no reason to allow
unknown sender domains, invalid hostnames and (usually) non-fqdn,
though in some circumstances these two rules might not be desired.
Thanks, all, for the help. I'm going to carefully go over the various
suggestions with the Postfix docs open and hopefully arrive at a decent
setup.
After a few hours, it does seem that the bogus MX record has helped. I
still have a few REJECT entries but I suppose that's due to the DNS
propagation. I'll check again in the morning.
And I'm really happy to learn about postscreen. Thanks, all.
b
