|Main Archive Page > Month Archives > postfix-users archives|
On 10/20/2010 03:38 AM, Steve Jenkins wrote:
> THANK YOU Jeroen. J I really appreciate you taking the time to help me
> with some specific steps I can try.
Well, let's say I can provide you with some pointers.
That doesn't absolve you of the responsibility to study the
> non_smtpd_milters = inet:localhost:20209
> smtpd_milters = inet:localhost:20209
What are all these milters doing ?
Do you *know* ?
How can you use the same service for both smtp and non-smtp milters ?
Presumably, they don't take the same input format.
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_unknown_reverse_client_hostname, warn_if_reject
> reject_non_fqdn_helo_hostname, warn_if_reject
> reject_invalid_helo_hostname, warn_if_reject
> reject_unknown_helo_hostname, reject_unauth_pipelining,
> reject_non_fqdn_sender, reject_unknown_sender_domain,
> reject_invalid_hostname, permit
Still missing a good RBL check; check out zen (www.spamhaus.org/zen)
> virtual_alias_domains = familyname.com
> virtual_alias_maps = hash:/etc/postfix/virtual
> The /etc/postfix/virtual is set up as follows. Every line in there is
> either a local POP account or the destination forwarding address. I
> don't use any catch-alls, and prefer that my server reject unknown
> local recipients (or in this case, I should probably say "local").
No, since these are virtual aliases, postfix will reject any *virtual*
recipients that don't appear here.
It makes no judgement on the RHS of the aliases.
> Familyname.com #Family Domain for Mail
> email@example.com <mailto:firstname.lastname@example.org> steve
> email@example.com <mailto:firstname.lastname@example.org> sister
> email@example.com <mailto:firstname.lastname@example.org> email@example.com
> firstname.lastname@example.org <mailto:email@example.com> firstname.lastname@example.org
> Like you, I'm also running a pre-2.8 build (2.6.5).
Um. pre-2.8 means I run a pre-release build of postfix 2.8 with the
postscreen code patched in to it.
Postscreen doesn't work on earlier versions, and is still not finalized
> I hadn't heard of postscreen until just now, but I'll check it out.
That would be why. Don't worry about it, you can do fine without.
> Would you mind sharing (anonymized if you wish) some examples of
> permutations of your IP and hostname(s) to reject from your
> helo_access file? What types of permutations are classically used by
> spammers that I can safely block without rejecting legitimate mail?
Just list your literal IP and hostname(s) to start with.
Many spammers try to circumvent remote client restrictions that way.
> *From:* email@example.com
> [mailto:firstname.lastname@example.org] *On Behalf Of *Jeroen Geilman
> *Sent:* Tuesday, October 19, 2010 7:10 PM
> *To:* email@example.com
> *Subject:* Re: Fighting Backscatter
> Oh, and please don't top-post.
And you're still top-posting.