On Fri, 2005-04-01 at 16:26 -0500, Chris Mauritz wrote:
Personally, I reject mail from any server with broken DNS. It's extremely low hanging fruit to avoid a lot of spam from zombie PCs in Asia/Eastern Europe. You also might want to consider using the various freely available RBL sites to eliminate known naughty hosts/networks. After mail runs this gauntlet, I pass it through CRM114 and have reduced the spam that makes it to my mailbox to a couple of messages a week.
Here's the relevant lines from my postfix config:
maps_rbl_reject_code = 571 smtpd_helo_required = yes smtpd_delay_reject = no allow_untrusted_routing = no disable_vrfy_command = yes # maps_rbl_domains = relays.ordb.org, opm.blitzed.org, list.dsbl.org, sbl.spamhaus.org, cbl.abuseat.org, dul.dnsbl.sorbs.net
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_maps_rbl, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
stale_lock_time = 120 default_rbl_reply = $rbl_code Service denied; blocked
---- wow - that's a pretty impressive list - curiously, no smtpd_helo_restrictions but I am gathering that you figure that the smtpd restrictions would cover that.
Is the above suitable for an office mail server or is this for one person who is less concerned about fringe stuff that may get rejected?
Craig