On Fri, 2005-04-01 at 16:26 -0500, Chris Mauritz wrote:
Personally, I reject mail from any server with broken DNS. It's extremely low-hanging fruit to avoid a lot of spam from zombie PCs in Asia/Eastern Europe. You also might want to consider using the various freely available RBL sites to eliminate known naughty hosts/networks. After mail runs this gauntlet, I pass it through CRM114 and have reduced the spam that makes it to my mailbox to a couple of messages a week.
Here are the relevant lines from my postfix config:
maps_rbl_reject_code = 571
smtpd_helo_required = yes
smtpd_delay_reject = no
allow_untrusted_routing = no
disable_vrfy_command = yes
# maps_rbl_domains = relays.ordb.org, opm.blitzed.org, list.dsbl.org, sbl.spamhaus.org, cbl.abuseat.org, dul.dnsbl.sorbs.net
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_maps_rbl,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
stale_lock_time = 120
default_rbl_reply = $rbl_code Service denied; blocked
----
an fyi - postfix 2.2.1
warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
is logged in /var/log/maillog
and http://www.postfix.org/spam.html#maps_rbl_domains
says nothing about this change
Craig
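
Added example, not part of the original messages and not Postfix's own tooling: a small converter that applies the change the logged warning asks for, rewriting each reject_maps_rbl into one "reject_rbl_client domain-name" entry per zone in maps_rbl_domains. The function names and the sample main.cf text are constructed for illustration; the zone names are taken from the config quoted above.

```python
import re

# Constructed sample in main.cf syntax, modelled on the settings quoted above.
SAMPLE_MAIN_CF = """\
maps_rbl_reject_code = 571
maps_rbl_domains =
    sbl.spamhaus.org,
    cbl.abuseat.org
# comment lines are ignored
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_maps_rbl,
    permit
"""

def parse_main_cf(text):
    """Return {parameter: value}, folding continuation lines (leading whitespace)."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines carry no settings
        if line[0].isspace() and current:
            params[current] = (params[current] + " " + line.strip()).strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def migrate_rbl(text):
    """Rewrite each reject_maps_rbl as one reject_rbl_client per listed zone."""
    params = parse_main_cf(text)
    zones = [z for z in re.split(r"[,\s]+", params.get("maps_rbl_domains", "")) if z]
    expansion = ", ".join(f"reject_rbl_client {z}" for z in zones)
    migrated = {}
    for name, value in params.items():
        if name.endswith("_restrictions") and re.search(r"\breject_maps_rbl\b", value):
            if not zones:
                # Dropping the check silently would leave no DNSBL filtering at all.
                raise ValueError(f"{name} uses reject_maps_rbl but maps_rbl_domains is empty")
            migrated[name] = re.sub(r"\breject_maps_rbl\b", expansion, value)
    return migrated

if __name__ == "__main__":
    for name, value in migrate_rbl(SAMPLE_MAIN_CF).items():
        print(f"{name} = {value}")
```

The converter refuses to run when maps_rbl_domains is missing or commented out, since in that case there is no zone list to carry over and the rewritten restriction would filter nothing.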