please for submission port cfg review

Thu, 03 Sep 2015 06:06:08 -0700

Hi, I'm using Postfix 2.8.x and trying to configure properly the submission port 587 in our very new Postfix installation. I tried to read the doc and the result is below. The submission port should be used by clients from both inside and outside of $mynetworks, so it will be exposed to the rest of the world (spammers, ...). Hope it's a normal idea. I tried to configure it very restrictive and I'd like to try to kick off the spammers from the server as soon as possible to avoid stressing the mailserver, but still allow our normal clients (Thunderbirds, Outloooks) to send the email. I don't have so much experiences in this manner, so I don't know for example if the smtpd_tls_security_level=encrypt is valuable or not - if it makes the spammer's lifes more difficult (that was the goal of this settings). I'm also unsure if the Amavis check is valuable or not - I'm about to remove it. The next thing I'm unsure is how this restrictive settings will affect the clients with mobile phone 2G-mobile/edge slow connections. Sending emails to root@* and *@localhost* is restricted in the global cfg of the main.cf file.
I know, that at least in some of the options I'm breaking the rules (smtpd_timeout for example), but according to doc it should work and it's necessary for me to find a suitable settings. 

Please for any comments, suggestions etc.

Best regards, Tomas

----------------

submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=yes
        -o content_filter=smtp-amavis:[127.0.0.1]:10024
        -o syslog_name=submission
        -o receive_override_options=no_header_body_checks
        -o smtpd_tls_security_level=encrypt
        -o smtpd_tls_loglevel=1
        -o smtpd_timeout=${stress?10}${stress:30}
        -o smtpd_junk_command_limit=${stress?2}${stress:20}
        -o smtpd_soft_error_limit=${stress?5}${stress:5}
        -o smtpd_hard_error_limit=${stress?7}${stress:7}
        -o smtpd_starttls_timeout=${stress?7}${stress:60}
        -o address_verify_poll_count=${stress?1}${stress:3}

        -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
























					Reply via email to