Prev: "Invalid size declaration"?
Next: Mail forward only using virtual_alias_maps
From: Victor Duchovni on 10 Jun 2010 10:51
On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote:

> If the postmaster address is excluded from spam checks then you
> may want to change the address_verify_sender setting.
>
> The current default is:
> address_verify_sender = $double_bounce_sender
>
> The older (problematic) default is
> address_verify_sender = postmaster
>
> The final ultimate fix is to make address_verify_sender time-dependent,
> so that it does not become a spam sink itself.

Making it time-dependent address_verify_sender may somewhat compound
issues with grey-listing at the origin domain. It is useful to have a
value that is stable enough to not repeatedly be subjected to greylisting.

--
Viktor.

From: Ralf Hildebrandt on 10 Jun 2010 10:55
* Victor Duchovni <Victor.Duchovni(a)morganstanley.com>:
> On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote:
>
> > If the postmaster address is excluded from spam checks then you
> > may want to change the address_verify_sender setting.
> >
> > The current default is:
> > address_verify_sender = $double_bounce_sender
> >
> > The older (problematic) default is
> > address_verify_sender = postmaster
> >
> > The final ultimate fix is to make address_verify_sender time-dependent,
> > so that it does not become a spam sink itself.
>
> Making it time-dependent address_verify_sender may somewhat compound
> issues with grey-listing at the origin domain. It is useful to have a
> value that is stable enough to not repeatedly be subjected to greylisting.

Maybe if it changes once a week (configurable), but the idea is good.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Victor Duchovni on 10 Jun 2010 11:01
On Thu, Jun 10, 2010 at 04:55:30PM +0200, Ralf Hildebrandt wrote:

> * Victor Duchovni <Victor.Duchovni(a)morganstanley.com>:
> > On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote:
> >
> > > If the postmaster address is excluded from spam checks then you
> > > may want to change the address_verify_sender setting.
> > >
> > > The current default is:
> > > address_verify_sender = $double_bounce_sender
> > >
> > > The older (problematic) default is
> > > address_verify_sender = postmaster
> > >
> > > The final ultimate fix is to make address_verify_sender time-dependent,
> > > so that it does not become a spam sink itself.
> >
> > Making it time-dependent address_verify_sender may somewhat compound
> > issues with grey-listing at the origin domain. It is useful to have a
> > value that is stable enough to not repeatedly be subjected to greylisting.
>
> Maybe if it changes once a week (configurable), but the idea is good.

I don't know how long typical greylist whitelist entries last, but even
a week may be too short if greylist whitelists are typically expected
to last longer. Of course sensible folks auto-whitelist client IPs,
rather than (IP, sender, rcpt) triples and in that case, a (long-term)
stable envelope sender is less important.

--
Viktor.

From: Wietse Venema on 10 Jun 2010 11:15
Victor Duchovni:
> On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote:
>
> > If the postmaster address is excluded from spam checks then you
> > may want to change the address_verify_sender setting.
> >
> > The current default is:
> > address_verify_sender = $double_bounce_sender
> >
> > The older (problematic) default is
> > address_verify_sender = postmaster
> >
> > The final ultimate fix is to make address_verify_sender time-dependent,
> > so that it does not become a spam sink itself.
>
> Making it time-dependent address_verify_sender may somewhat compound
> issues with grey-listing at the origin domain. It is useful to have a
> value that is stable enough to not repeatedly be subjected to greylisting.

I was thinking of a monthly change just enough to frustrate harvesting
but not enough to cause problems. Quarterly might do it too.

Wietse

From: Sahil Tandon on 11 Jun 2010 17:48
You mention that /etc/postfix/recipients_access is empty, but why then
do you keep it in smtpd_recipient_restrictions? And although the flat
file is empty, did you postmap it to rebuild the hash (.db file) as
well?

Actually, before going down that road: did the abovementioned file
contain an OK for postmaster before you emptied it?

--
Sahil Tandon <sahil(a)FreeBSD.org>

First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: "Invalid size declaration"?
Next: Mail forward only using virtual_alias_maps