From: ram on 5 May 2010 02:15

On Tue, 2010-05-04 at 12:29 +0300, Appliantologist wrote:
> Hi guys,
>
> I still need to accept mail for the email addresses we host on our
> machine from the net, so blocking port 25 or mynetworks as local host
> would seem to prevent that. we still have users on the domain that
> get mail to the address, except now we forward that mail to gmail
> using the virtual table
>
> here is the result of postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_privs = apache
> disable_vrfy_command = yes
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = wans-eu.com
> myhostname = wans-eu.com
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_helo_restrictions = reject_invalid_hostname
> strict_rfc821_envelopes = yes
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = multiterminal.ua
> virtual_alias_maps = hash:/etc/postfix/virtual
>

1) Add

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit

2) create a relaydomains file
http://www.postfix.org/postconf.5.html#relay_domains

3) And ask the legitimate senders to use sasl auth

From: Ansgar Wiechers on 5 May 2010 04:30

On 2010-05-05 ram wrote:
> On Tue, 2010-05-04 at 12:29 +0300, Appliantologist wrote:
>> I still need to accept mail for the email addresses we host on our
>> machine from the net, so blocking port 25 or mynetworks as local host
>> would seem to prevent that. we still have users on the domain that
>> get mail to the address, except now we forward that mail to gmail
>> using the virtual table
[...]
> 1) Add
>
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     permit

The default is "permit_mynetworks, reject_unauth_destination", which
should be sufficient for his scenario.

> 2) create a relaydomains file
> http://www.postfix.org/postconf.5.html#relay_domains
>
> 3) And ask the legitimate senders to use sasl auth

What for? AFAICS he's not relaying for any other domain, but only
forwarding particular (local/virtual) addresses to gmail mailboxes.

And we still don't know how the supposed spams are entering Postfix in
the first place.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
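
Added example, not part of either post: a Python sketch that walks `smtpd_recipient_restrictions` in order, the way Postfix evaluates it, to see whether an unauthenticated outside client could relay to a domain the server does not host. It models only the restriction names that appear in this thread; the function names and the misordered sample are constructed for illustration.

```python
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"  # default quoted above
# These match only trusted or authenticated clients; a stranger falls through.
SKIPPED_FOR_STRANGER = {"permit_mynetworks", "permit_sasl_authenticated"}
REJECTING = {"reject_unauth_destination", "reject"}

def parse_postconf(text):
    """Parse `postconf -n` style output, joining indented continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and key and line.strip():
            params[key] = (params[key] + " " + line.strip()).strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def relay_verdict(params):
    """First decisive restriction wins, as in Postfix. The client modelled is
    unauthenticated, outside mynetworks, and mailing a domain we do not host."""
    value = params.get("smtpd_recipient_restrictions", DEFAULT_RCPT)
    unmodelled = []
    for name in value.replace(",", " ").split():
        if name in SKIPPED_FOR_STRANGER:
            continue
        if name in REJECTING:
            return "rejected", name, unmodelled
        if name == "permit":
            return "relayed", name, unmodelled
        unmodelled.append(name)  # e.g. check_*_access and its table: review by hand
    return "relayed", "end of list (implicit permit)", unmodelled

# Excerpt of the postconf -n output in the thread (no recipient restrictions set).
THREAD_CONF = """mydestination = $myhostname, localhost.$mydomain, localhost
virtual_alias_domains = multiterminal.ua
virtual_alias_maps = hash:/etc/postfix/virtual
"""
# The list proposed in the first reply, in main.cf continuation layout.
PROPOSED_CONF = """smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit
"""
# Constructed misordering: a bare permit ahead of reject_unauth_destination.
MISORDERED_CONF = "smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination\n"
if __name__ == "__main__":
    for label, conf in [("thread", THREAD_CONF), ("proposed", PROPOSED_CONF), ("misordered", MISORDERED_CONF)]:
        print(label, relay_verdict(parse_postconf(conf)))
```

Both the posted configuration (defaults) and the proposed list stop the outside client at `reject_unauth_destination`; only the constructed misordering relays. The trailing `permit` in the proposed list applies to mail that has already passed the destination check.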