On Tue, Mar 19, 2013 at 4:30 PM, Matthew Hall <mhcomput...@gmail.com> wrote:
> It seems like I keep seeing you on every crypto and security list!
> Thanks for being there and assisting people so often.
Based on the feedback from Viktor, I've made some similar changes in my
2.10 config. It's close to Matthew's, but different enough that
I'd appreciate a quick sanity check:
# SMTPD Restrictions
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
reject_invalid_hostname,
warn_if_reject reject_non_fqdn_hostname,
warn_if_reject reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
warn_if_reject reject_unknown_reverse_client_hostname,
warn_if_reject reject_non_fqdn_helo_hostname,
warn_if_reject reject_invalid_helo_hostname,
warn_if_reject reject_unknown_helo_hostname,
reject_unauth_pipelining,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
check_helo_access hash:/etc/postfix/helo_access,
check_sender_access hash:/etc/postfix/check_backscatterer,
check_sender_access hash:/etc/postfix/access,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client psbl.surriel.com,
reject_rhsbl_client dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
Thx,
SteveJ
