From: Walter Pinto on
I stopped using the Perl SPF implementation because it would spawn too
many instances and not properly terminate the process when complete;
after a while it would overload the server with MailScanner running
alongside. I haven't tried the Python version.

From: Martin Schütte on
On 08/09/10 16:29, Nicolas Michel wrote:
> I want to know if there is a way to reject connections from host not
> listed in the MX records of the domain it claims to be.

Try http://www.policyd-weight.org/

It checks and compares the client IP, its HELO, the from address.
Among other attributes it also checks whether the client is an MX for
its domain or in the same /24 subnet as the MX.

I also use it to include DNSBLs; because it uses a scoring system and a
single false positive attribute or BL listing will not cause a reject.

--
Martin
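
The weighted scoring described in the message above, as an added example (not part of the original thread and not policyd-weight's own code). The weights, threshold, function names and sample addresses are constructed assumptions; MX addresses and DNSBL hits are passed in already resolved so the code runs offline.

```python
import ipaddress

# Constructed weights and threshold; NOT policyd-weight's real defaults.
REJECT_AT = 5.0
W_MX_MATCH = -2.0       # client is an MX of the sender domain or shares its /24
W_MX_MISMATCH = 2.0     # client is unrelated to every MX of the sender domain
W_HELO_MISMATCH = 1.5   # HELO name is outside the sender domain
W_DNSBL_HIT = 3.0       # added once per DNSBL that lists the client


def in_mx_net(client_ip, mx_ips, prefix=24):
    """True if client_ip equals an MX address or lies in the same /24 (IPv4)."""
    client = ipaddress.ip_address(client_ip)
    for mx in mx_ips:
        mx_addr = ipaddress.ip_address(mx)
        if mx_addr.version != 4 or client.version != 4:
            continue  # the /24 comparison is only meaningful for IPv4
        if client in ipaddress.ip_network(f"{mx}/{prefix}", strict=False):
            return True
    return False


def score(client_ip, helo, sender, mx_ips, dnsbl_hits):
    """Return (action, total, reasons); no single attribute reaches REJECT_AT."""
    domain = sender.rsplit("@", 1)[-1].lower()
    helo = helo.lower().rstrip(".")
    total, reasons = 0.0, []
    if in_mx_net(client_ip, mx_ips):
        total += W_MX_MATCH
        reasons.append("client is MX or in MX /24")
    else:
        total += W_MX_MISMATCH
        reasons.append("client not related to MX")
    if helo != domain and not helo.endswith("." + domain):
        total += W_HELO_MISMATCH
        reasons.append("HELO outside sender domain")
    for bl in dnsbl_hits:
        total += W_DNSBL_HIT
        reasons.append(f"listed on {bl}")
    # DUNNO lets Postfix continue with later restrictions; REJECT refuses the mail.
    return ("REJECT" if total >= REJECT_AT else "DUNNO"), total, reasons


if __name__ == "__main__":
    mx = ["192.0.2.10"]  # constructed: resolved MX address of example.org
    print(score("192.0.2.25", "mail.example.org", "a@example.org", mx, ["bl.example.net"]))
    print(score("198.51.100.7", "localhost", "a@example.org", mx, ["bl.example.net"]))
```

With these constructed weights, a legitimate relay that lands on one blocklist by mistake scores 1.0 and passes, while an unrelated host with a bad HELO and a listing scores 6.5 and is rejected.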

From: Nicolas Michel on
On 08/09/2010 10:43 PM, Martin Schütte wrote:
> On 08/09/10 16:29, Nicolas Michel wrote:
>> I want to know if there is a way to reject connections from host not
>> listed in the MX records of the domain it claims to be.
>
> Try http://www.policyd-weight.org/
>
> It checks and compares the client IP, its HELO, the from address.
> Among other attributes it also checks whether the client is an MX for
> its domain or in the same /24 subnet as the MX.
>
> I also use it to include DNSBLs; because it uses a scoring system and a
> single false positive attribute or BL listing will not cause a reject.
>
I just read some articles about DKIM. Someone already tried it?
There's something I'm not sure about: once a mail is encrypted, only
receivers which have DKIM feature on their mail can decrypt the mail? Or
this is compatible with standard mail server with no DKIM?

From: Walter Pinto on
I also can vouch for policyd-weight; with a bit of configuration it
can be a very useful tool. Combine it with the fail2ban postfix log
wrapper and you're on the right track.

From: Dennis Guhl on
On Tue, Aug 10, 2010 at 01:10:22AM +0200, Nicolas Michel wrote:
> On 08/09/2010 10:43 PM, Martin Schütte wrote:
> >On 08/09/10 16:29, Nicolas Michel wrote:
> >>I want to know if there is a way to reject connections from host not
> >>listed in the MX records of the domain it claims to be.
> >
> >Try http://www.policyd-weight.org/
> >
> >It checks and compares the client IP, its HELO, the from address.
> >Among other attributes it also checks whether the client is an MX for
> >its domain or in the same /24 subnet as the MX.
> >
> >I also use it to include DNSBLs; because it uses a scoring system and a
> >single false positive attribute or BL listing will not cause a reject.
> >
> I just read some articles about DKIM. Someone already tried it?

No.

> There's something I'm not sure about: once a mail is encrypted,
> only receivers which have DKIM feature on their mail can decrypt the

DKIM does not encrypt the whole email (this was pgp;). DKIM adds an
encrypted header which can be decrypted with a public key obtained from
the nameserver of the sending domain.

I hope I did not compress this too much. For further reference about
DKIM have a look at http://www.dkim.org/.

> mail? Or this is compatible with standard mail server with no DKIM?

Yes it is fully compatible with DKIM-free M*As.