I've just updated my postfix install to 2.8 patch 14 (from 2.7) and am looking
into enabling postscreen. I've read the
http://www.postfix.org/POSTSCREEN_README.html document, and it looks like I
should replace my old rbi checks with the new postscreen_dnsbl_sites value, but
what about some of the other checks?
I'm thinking that things like header checks, mime header checks, pipelining,
fan, and several others should go away in preference to postscreen, or am I
overestimating the utility of what postscreen can do?
header_checks = pcre:$config_directory/header_checks.pcre
mime_header_checks = pcre:$config_directory/mime_headers.pcre
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost,
ns1.$mydomain, ns2.$mydomain, mail.$mydomain, www.$mydomain, webmail.$mydomain
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,
check_sender_access hash:$config_directory/backscatter
permit
smtpd_error_sleep_time = 28
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
permit
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_invalid_hostname,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
reject_unlisted_sender,
reject_unknown_reverse_client_hostname,
warn_if_reject reject_unknown_client_hostname,
check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit,
check_sender_access pcre:$config_directory/sender_access.pcre,
check_client_access pcre:$config_directory/check_client_fqdn.pcre,
check_recipient_access pcre:$config_directory/recipient_checks.pcre,
check_client_access hash:$config_directory/access,
permit
--
When cheese gets its picture taken, what does it say?
