Personally, I reject mail from any server with broken DNS. It's extremely low-hanging fruit to avoid a lot of spam from zombie PCs in Asia/Eastern Europe. You also might want to consider using the various freely available RBL sites to eliminate known naughty hosts/networks. After mail runs this gauntlet, I pass it through CRM114 and have reduced the spam that makes it to my mailbox to a couple of messages a week.
Here are the relevant lines from my Postfix config:

maps_rbl_reject_code = 571
smtpd_helo_required = yes
smtpd_delay_reject = no
allow_untrusted_routing = no
disable_vrfy_command = yes
# maps_rbl_domains = relays.ordb.org, opm.blitzed.org, list.dsbl.org, sbl.spamhaus.org, cbl.abuseat.org, dul.dnsbl.sorbs.net

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_maps_rbl,
    permit

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

stale_lock_time = 120
default_rbl_reply = $rbl_code Service denied; blocked

Good luck,
C
Craig White wrote:
I am used to sendmail and am using Postfix now and am uncertain of some features. I typically would comment out the line in sendmail.mc that went something like 'accept unresolvable domains'.
I tried using
smtpd_sender_restrictions = reject_unverified_sender reject_unverified_smtp
and this seems a bit too restrictive and got some bounces on legitimate senders
so I'm thinking that this is perhaps a bit more apropos...
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
Does this make sense?
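
The RBL step in the reply above works by DNS lookup: the client address is reversed, the list's zone is appended, and an A record in 127.0.0.0/8 means "listed". The sketch below is an added example, not part of the original thread or of Postfix; it also goes one step beyond the thread by checking each zone against the RFC 5782 test points before trusting it. The zone names, addresses and resolver data are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; an empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed(client_ip, zone, resolve=system_resolver):
    """Return the 127.0.0.0/8 answer that lists client_ip in zone, else None."""
    for answer in resolve(dnsbl_query_name(client_ip, zone)):
        # Answers outside 127.0.0.0/8 (parked domain, NXDOMAIN rewriting) are not listings.
        if ipaddress.ip_address(answer) in LOOPBACK:
            return answer
    return None

def zone_is_sane(zone, resolve=system_resolver):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    has_test_entry = listed("127.0.0.2", zone, resolve) is not None
    return has_test_entry and listed("127.0.0.1", zone, resolve) is None

def check_client(client_ip, zones, resolve=system_resolver):
    """First sane zone that lists client_ip, as (zone, answer); None if no zone does."""
    for zone in zones:
        answer = zone_is_sane(zone, resolve) and listed(client_ip, zone, resolve)
        if answer:
            return zone, answer
    return None

# Constructed resolver data: hypothetical zones, documentation addresses.
FAKE_DNS = {"2.0.0.127.good.dnsbl.example": ["127.0.0.2"],
            "99.2.0.192.good.dnsbl.example": ["127.0.0.4"]}

def fake_resolver(name):
    """dead.dnsbl.example answers every query, as a shut-down list may."""
    if name.endswith(".dead.dnsbl.example"):
        return ["127.0.0.2"]
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, check_client(ip, ["dead.dnsbl.example", "good.dnsbl.example"], fake_resolver))
```

Running the same sanity check against every zone in an inherited list shows which ones no longer answer correctly before they start rejecting legitimate mail.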