On 2018-03-01 08:14, John Fawcett wrote:
On 01/03/18 05:09, J Doe wrote:
Hi John,
On Feb 27, 2018, at 3:25 PM, John Fawcett <j...@voipsupport.it>
wrote:
I can't think of a compelling reason either to enable VRFY or to
disable
it. Disabling it stops people abusing it, but then they can just use
RCPT TO to get the same information in most cases. I disabled it
since I
can't see any use for it.
John
That is a valid point - I believe the VRFY RFC observed the same
thing: that RCPT TO can be used in a similar fashion.
Performing an EHLO to both Gmail and Hotmail/Outlook shows that they
both disable it, which I would expect, but do they implement a policy
of a certain number of invalid RCPT TO cause the connection to
terminate ?
I know there is a setting for the number of “junk commands” received
in Postfix, but that is different. Is there a method via main.cf for
restricting RCPT TO abuse ?
Thanks,
- J
These settings control behaviour of the smtpd server for number of
errors (including RCTP TO errors)
smtpd_soft_error_limit
smtpd_error_sleep_time
smtpd_hard_error_limit
The following setting controls how many RCPT TO commands can be sent
per
unit of time
smtpd_client_recipient_rate_limit
Are there any recommendations or guidelines how to set values for that
family of settins? They are all turned off in default as you see here:
http://www.postfix.org/TUNING_README.html#conn_limit
