From: Stephen Hoover (no email)
Date: Tue Oct 01 2002 - 11:18:26 EDT
Ahh, excellent point! When I added that set of restrictions to
smtpd_sender_restrictions, I forgot to add permit_mynetworks to it -
messed up on that one. Thanks for the reply.
I need to get to around to moving those to smtpd_recipient_restrictions
actually...
Stephen Hoover
Dallas, Texas
> -----Original Message-----
> From:
> [mailto:]On Behalf Of Marshal Newrock
> Sent: Tuesday, October 01, 2002 10:00 AM
> To: Stephen Hoover
> Cc:
> Subject: Re: Frequently forged domains, my domain...
>
>
> On Tue, 1 Oct 2002, Stephen Hoover wrote:
>
> > If I add my own domain to the smtpd_sender_restrictions maps, how
> > expensive is it to have that check ran on every internal
> email? We run a
> > REAL small email server, so I know we can afford the hit,
> but that's not
> > really what I want to know. I'd like a good estimation of
> the cost of
> > that particular extra check on all internal email.
>
> If you have permit_mynetworks, then internal mail will never see
> check_sender_access. On our server, we have simons-rock.edu REJECT in
> check_helo_access, which stops spammers who try to claim to be us.
> Legitimate mail goes through because permit_mynetworks comes
> first. For
> us, sender access is not restricted, since there might be
> people sending
> mail from off-campus to on-campus legitimately, without first checking
> their mail (and thus using pop-before-smtp). You probably
> don't have that
> situation.
>
> I also have everything in smtpd_recipient_restrictions, as is
> frequently
> recommended here, so I can see the exact order in which all the
> restrictions are applied.
>
> --
> Marshal Newrock, Simon's Rock College of Bard
> Caution: product may be hot after heating
>
>
>
> -
> To unsubscribe, send mail to with content
> (not subject): unsubscribe postfix-users
>
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|