[TriLUG] Open Mail Relay - What Happened?

Alan Porter porter at trilug.org
Thu Jun 28 09:46:00 EDT 2007


Hi Randy,

You need to set up some restrictions for who can connect, who can send, 
who can receive. These are done using the "smtpd_XXXXX_restrictions" 
options. Mine are below. Obviously, some bits are a work in progress, 
but this should point you in the right direction.

Alan



smtpd_helo_restrictions =
    permit_sasl_authenticated,
    # permit_mynetworks is required for SquirrelMail to work
    permit_mynetworks,
    check_helo_access mysql:/etc/postfix/mysql_blacklist_helo.cf,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit

# check sender address (see http://www.freesoftwaremagazine.com/articles/focus_spam_postfix)

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    # check to see if they claim to be ME
    ##warn_if_reject check_sender_mx_access
    # new 2006-11-12
    check_sender_access mysql:/etc/postfix/mysql_blacklist_sender.cf,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/mysql_blacklist_recipient.cf,
    # not implemented yet - I am not dealing with secondaries yet
    #check_helo_access mysql:/etc/postfix/mysql_secondary_mx.cf,
    ## NO LONGER WORKING -> reject_rbl_client relays.ordb.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    # 'spfpolicy' is defined in master.cf, points to a perl script in /usr/local/lib/postfix
    #check_policy_service unix:private/spfpolicy
    # Postgrey is on port 60000
    check_policy_service inet:127.0.0.1:60000,
    permit

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
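
Added example, not part of Alan's post: Postfix evaluates a restriction list in order and the first restriction that matches decides, so what closes the relay in the list above is that reject_unauth_destination comes before any table lookup or bare permit. The Python below checks that ordering for a client that is neither authenticated nor in mynetworks; the BROKEN list and the hash:/etc/postfix/example_access path are constructed for illustration.

```python
import re

# Restrictions followed by one argument (only those this example needs).
TAKES_ARG = {"check_recipient_access", "reject_rbl_client", "check_policy_service"}
# Restrictions that stop an unauthenticated outside client from relaying.
RELAY_GUARDS = {"reject_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Return {parameter: value}; join indented continuation lines, skip comments."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a multi-line value
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def audit_relay(value):
    """Walk the list as an unauthenticated client outside mynetworks, foreign recipient."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    notes, i = [], 0
    while i < len(tokens):
        name = tokens[i]
        arg = tokens[i + 1] if name in TAKES_ARG and i + 1 < len(tokens) else None
        i += 2 if arg else 1
        if name in RELAY_GUARDS or name == "permit":
            return ("guarded" if name in RELAY_GUARDS else "open-relay"), notes
        if name.startswith("check_"):
            notes.append(f"{name} {arg} is consulted before the relay guard")
    return "open-relay", notes  # list ended without a reject: mail is accepted

# Constructed samples: a trimmed copy of the posted list, and a broken variant.
POSTED = """smtpd_recipient_restrictions =
    permit_mynetworks,
    # comment inside the value
    reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/mysql_blacklist_recipient.cf,
    permit
"""
BROKEN = """smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/example_access,
    permit
"""

for cfg in (POSTED, BROKEN):
    print(audit_relay(parse_main_cf(cfg)["smtpd_recipient_restrictions"]))
```

A note from audit_relay means a lookup table or policy service is consulted before the relay guard, so an OK result from it would accept mail for a foreign destination; such lookups belong after reject_unauth_destination, as in the posted list.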








