stricter postfix settings

Ethan Blanton elb at
Sun Jun 13 17:22:29 EDT 2010

Paul Aurich spake unto us the following wisdom:
> At John's suggestion, I'm bringing this up here.
> It would be nice if the mail servers were a bit more
> restrictive in what mail they accept.  In particular, my
> ( mail server is routinely rejecting a message or two
> coming from bogus domains:
> postfix/smtpd: NOQUEUE: reject: RCPT from[]:
> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
> Domain not found; from=<apache at localhost.localdomain>
> to=<paul at> proto=ESMTP helo=<>

We have traditionally handled such things with per-user spam filters
(spamprobe is available on rock, as is spamassassin; the latter can
check for this condition).  I could be convinced to add this
particular check to the default config, if there's general
concurrence.  I find it annoying, myself, but basically everyone has
to have their outgoing mail set up to spoof as necessary, anyway,
since so many servers set it.

> This is the reject_unknown_sender_domain smtpd_sender_restrictions
> option
> (,
> which I think should add :).
> There might be other things that could be added (greylisting or pinging
> an RBL come to mind), but I don't feel as strongly about those.

I am personally opposed to both of these.  Greylisting slows down
legitimate emails by a potentially long time (if mail servers are set
conservatively, as they should be, it can reasonably be several
hours).  As far as RBLs ... there are RBLs and then there are RBLs.
I'd prefer to leave this up to the individual user's spam filters.
I'll push back on both greylisting and RBLs, but I am ultimately only
one voice.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <>

More information about the Discussion mailing list