From: Adam Levin (no email)
Date: Wed May 01 2002 - 14:23:52 EDT
On Wed, 1 May 2002, Peter Barnwell wrote:
> Currently I have my server configured to require that any sending host
> has a valid reverse DNS lookup, which has cut down the amount of UCE we
> receive a lot. However we have one client who has no reverse lookup, and
> insist they have no intention of fixing it.
>
> How have other people found this checking works, should I abandon it and
> go back to header checks, or carry on trying to get them to fix it. Or
> alternatively could I accept mail from them with no reverse as an
> exception; perhaps by putting their domain in 'sender'?
I have found that checking for reverse DNS ends up rejecting *a lot* of
legitimate mail.
My current set up is this:
smtpd_recipient_restrictions =
check_recipient_access dbm:/etc/postfix/spamlist,
permit_mynetworks,
check_client_access dbm:/etc/postfix/popclients,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_helo_access dbm:/etc/postfix/spamlist,
check_client_access dbm:/etc/postfix/spamlist,
check_sender_access dbm:/etc/postfix/spamlist,
warn_if_reject,reject_maps_rbl,
check_relay_domains
I monitor the RBL rejects (spamcop and dorkslayers are our maps).
spamlist is a combination of users/domains that I specify (when I receive
spam myself) plus Wirehub's fairly conservative spamlist
( http://basic.wirehub.nl/spamlist-usage.html ). Except for listing one
major retailer who we're trying to strike up a big deal with, Wirehub has
been a good choice.
-Adam
Adam Levin, Senior Unix Systems Administrator | http://www.audible.com/
Audible, Inc. Savoring the strange, warm glow of being much more
Wayne, NJ, 07470 ignorant than ordinary people, who are only ignorant
973-837-2797 of ordinary things.
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|