[Mageia-sysadm] [294] - start to merge simple relay, and add some basic antispam filtering

Michael Scherer misc at zarb.org
Fri Nov 19 15:36:39 CET 2010


On Friday 19 November 2010 at 08:35 +0100, Luca Berra wrote:
> On Thu, Nov 18, 2010 at 11:34:59PM +0100, root at mageia.org wrote:
> >+<% if classes.include?('postfix::simple_relay') %>
> > inet_interfaces = localhost
> >+<% else %>
> >+inet_interfaces = all
> >+<% end %>
> >+
> >+<% if classes.include?('postfix::smtp_server') %>
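Review bot: the `<% else %>` branch sets `inet_interfaces = all` for every node that does not include `postfix::simple_relay`, not only for nodes that include `postfix::smtp_server`, which is tested only afterwards. A node with neither class would then listen on all interfaces; consider emitting `all` only under the `postfix::smtp_server` test and keeping `localhost` as the default.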
> you can safely add:
> smtpd_etrn_restrictions = reject
> you should add:
> smtpd_helo_required = yes
> if you do checks based on helo here

I will merge your proposals, I just need to be more familiar with what
they mean (in case some issue arises later). And I also likely need to
update zarb and other servers too :)

> >+smtpd_recipient_restrictions =
> >+#    not done yet
> >+#    permit_sasl_authenticated
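Review bot: the `#    not done yet` comment inside `smtpd_recipient_restrictions` does not say what is pending or why `permit_sasl_authenticated` is commented out. State what has to be decided or set up before the line can be enabled, so that it is not uncommented later without that work being done.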
>
> you should add
> reject_sender_login_mismatch
> and configure something like:
> smtpd_sender_login_maps =
> proxy:ldap:/etc/postfix/smtpd_sender_login_maps.cf
> server_host = ldaps://
> version = 3
> search_base = dc=mageia,dc=org
> query_filter = (|(mail=%s)(mailLocalAddress=%s))
> # use this with groupOfNames to allow people to send on behalf of an
> # alias (eg postmaster, abuse, etc)
> #special_result_attribute = owner
> result_attribute = uid

Well, that's disabled because we are not sure we should offer it (I
took the config from zarb.org).


> >+    reject_non_fqdn_hostname
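Review bot: `reject_non_fqdn_hostname` only takes effect when the client sends HELO or EHLO, and none of the quoted lines sets `smtpd_helo_required = yes`, so a client can skip the check by omitting the greeting. Set `smtpd_helo_required = yes` alongside it, and use the current name `reject_non_fqdn_helo_hostname`.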
> Note1: this restriction has been renamed to
> reject_non_fqdn_helo_hostname

> Note2: I reckon it a bad idea, there are too many people unable to
> properly configure their MTA to send an FQDN helo

That's what we use at zarb, so far no one complained (obviously, maybe
that's because we reject their mail ...)

> I also have a number of possible additions, should I send those in?

Yup, why not, I will integrate them later.  
-- 
Michael Scherer
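
The checks suggested in this thread can be run mechanically against a rendered main.cf. The following is an added example, not code from the thread or from the Mageia Puppet module; the sample configuration is constructed, and the function names `parse_main_cf` and `lint` are hypothetical.

```python
import re

# Constructed sample in the shape of the template discussed in this thread.
SAMPLE_MAIN_CF = """\
inet_interfaces = all
smtpd_recipient_restrictions =
#    not done yet
#    permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_sender_login_mismatch
"""

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}: blank and '#' lines are
    skipped, a line starting with whitespace continues the previous
    logical line, and a later setting overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def lint(params):
    """Return findings for the review points raised in the thread."""
    findings, restrictions = [], set()
    for name, value in params.items():
        if name.startswith("smtpd_") and name.endswith("_restrictions"):
            restrictions.update(re.split(r"[,\s]+", value))
    if "reject_non_fqdn_hostname" in restrictions:
        findings.append("use reject_non_fqdn_helo_hostname (renamed)")
    helo = {r for r in restrictions if "helo" in r or r == "reject_non_fqdn_hostname"}
    if helo and params.get("smtpd_helo_required", "no") != "yes":
        findings.append("HELO checks without smtpd_helo_required = yes")
    if ("reject_sender_login_mismatch" in restrictions
            and not params.get("smtpd_sender_login_maps")):
        findings.append("reject_sender_login_mismatch without smtpd_sender_login_maps")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```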


