From: MacShane, Tracy (no email)
Date: Mon Mar 16 2009 - 21:14:00 EDT
> -----Original Message-----
> [mailto:] On Behalf Of Alberto Lepe
> Sent: Monday, 16 March 2009 4:18 PM
> Subject: Too strict?
> Hello, and thank you in advance for your time!
> I have been setting up a mail server since more than a week
> and after reading several posts/articles and some pages of
> the Postfix manual, I'm a little confused about how to setup
> the security.
> The mail server is outside my LAN and it will be used to
> serve some domains, with maybe 10 users per domain.
> This is my main.cf (restrictions):
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_recipient_restrictions =
> # reject_unknown_sender_domain,
> # reject_unknown_recipient_domain,
> # reject_non_fqdn_hostname,
> # reject_unknown_client_hostname,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
Leaving aside the other comments people have made, I have
reject_unknown_sender_domain (AFTER reject_unauth_destination) and
reject_non_fqdn_hostname configured. The latter check in particular
rejects thousands of connections a day so I don't have to keep hitting
the Zen lookups. No FPs that I've ever been made aware of.
reject_unlisted_recipient is redundant, since it's "yes" by default (but
no harm leaving it in).