[CentOS] postfix tightening
Craig White
craigwhite at azapple.com
Sat Apr 2 00:20:02 UTC 2005
On Fri, 2005-04-01 at 16:26 -0500, Chris Mauritz wrote:
> Personally, I reject mail from any server with broken DNS. It's
> extremely low hanging fruit to avoid a lot of spam from zombie PCs in
> Asia/Eastern Europe. You also might want to consider using the various
> freely available RBL sites to eliminate known naughty hosts/networks.
> After mail runs this gauntlet, I pass it through CRM114 and have reduced
> the spam that makes it to my mailbox to a couple of messages a week.
>
> Here's the relevant lines from my postfix config:
>
> maps_rbl_reject_code = 571
> smtpd_helo_required = yes
> smtpd_delay_reject = no
> allow_untrusted_routing = no
> disable_vrfy_command = yes
> #
> maps_rbl_domains =
> relays.ordb.org,
> opm.blitzed.org,
> list.dsbl.org,
> sbl.spamhaus.org,
> cbl.abuseat.org,
> dul.dnsbl.sorbs.net
>
> smtpd_recipient_restrictions =
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> reject_unauth_destination,
> reject_maps_rbl,
> permit
>
> smtpd_data_restrictions =
> reject_unauth_pipelining,
> permit
>
> stale_lock_time = 120
> default_rbl_reply = $rbl_code Service denied; blocked
----
an fyi - postfix 2.2.1
warning: support for restriction "reject_maps_rbl" will be removed from
Postfix; use "reject_rbl_client domain-name" instead
is logged in /var/log/maillog
and http://www.postfix.org/spam.html#maps_rbl_domains
says nothing about this change
Craig
More information about the CentOS
mailing list