On 10/20/2010 03:38 AM, Steve Jenkins wrote:
THANK YOU Jeroen. J I really appreciate you taking the time to help me
with some specific steps I can try.
Well, let's say I can provide you with some pointers.
That doesn't absolve you of the responsibility to study the
documentation thoroughly.
non_smtpd_milters = inet:localhost:20209
smtpd_milters = inet:localhost:20209
What are all these milters doing ?
Do you *know* ?
How can you use the same service for both smtp and non-smtp milters ?
Presumably, they don't take the same input format.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_unknown_reverse_client_hostname, warn_if_reject
reject_non_fqdn_helo_hostname, warn_if_reject
reject_invalid_helo_hostname, warn_if_reject
reject_unknown_helo_hostname, reject_unauth_pipelining,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_invalid_hostname, permit
Still missing a good RBL check; check out zen (www.spamhaus.org/zen)
virtual_alias_domains = familyname.com
virtual_alias_maps = hash:/etc/postfix/virtual
The /etc/postfix/virtual is set up as follows. Every line in there is
either a local POP account or the destination forwarding address. I
don't use any catch-alls, and prefer that my server reject unknown
local recipients (or in this case, I should probably say "local").
No, since these are virtual aliases, postfix will reject any *virtual*
recipients that don't appear here.
It makes no judgement on the RHS of the aliases.
Familyname.com #Family Domain for Mail
st...@familyname.com <mailto:st...@familyname.com> steve
sis...@familyname.com <mailto:sis...@familyname.com> sister
a...@familyname.com <mailto:a...@familyname.com> auntsaddr...@cox.net
<mailto:auntsaddr...@cox.net>
d...@familyname.com <mailto:d...@familyname.com> dadsaddr...@gmail.com
<mailto:dadsaddr...@gmail.com>
Like you, I'm also running a pre-2.8 build (2.6.5).
Um. pre-2.8 means I run a pre-release build of postfix 2.8 with the
postscreen code patched in to it.
Postscreen doesn't work on earlier versions, and is still not finalized
AFAIK.
I hadn't heard of postscreen until just now, but I'll check it out.
That would be why. Don't worry about it, you can do fine without.
Would you mind sharing (anonymized if you wish) some examples of
permutations of your IP and hostname(s) to reject from your
helo_access file? What types of permutations are classically used by
spammers that I can safely block without rejecting legitimate mail?
Just list your literal IP and hostname(s) to start with.
Many spammers try to circumvent remote client restrictions that way.
*From:* owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Jeroen Geilman
*Sent:* Tuesday, October 19, 2010 7:10 PM
*To:* postfix-users@postfix.org
*Subject:* Re: Fighting Backscatter
Oh, and please don't top-post.
J.
And you're still top-posting.
--
J.
