stricter postfix settings

Luke Schierer lschiere at pidgin.im
Sun Jun 13 17:36:54 EDT 2010


On Jun 13, 2010, at 17:22 EDT, Ethan Blanton wrote:

> Paul Aurich spake unto us the following wisdom:
>> At John's suggestion, I'm bringing this up here.
>> 
>> It would be nice if the pidgin.im mail servers were a bit more
>> restrictive in what mail they accept.  In particular, my
>> (darkrain42.org) mail server is routinely rejecting a message or two
>> coming from bogus domains:
>> 
>> postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
>> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
>> Domain not found; from=<apache at localhost.localdomain>
>> to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>
> 
> We have traditionally handled such things with per-user spam filters
> (spamprobe is available on rock, as is spamassassin; the latter can
> check for this condition).  I could be convinced to add this
> particular check to the default config, if there's general
> concurrence.  I find it annoying, myself, but basically everyone has
> to have their outgoing mail set up to spoof as necessary, anyway,
> since so many servers set it.
> 
>> This is the reject_unknown_sender_domain smtpd_sender_restrictions
>> option
>> (http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain),
>> which I think pidgin.im should add :).
>> 
>> There might be other things that could be added (greylisting or pinging
>> an RBL come to mind), but I don't feel as strongly about those.
> 
> I am personally opposed to both of these.  Greylisting slows down
> legitimate emails by a potentially long time (if mail servers are set
> conservatively, as they should be, it can reasonably be several
> hours).  As far as RBLs ... there are RBLs and then there are RBLs.
> I'd prefer to leave this up to the individual user's spam filters.
> I'll push back on both greylisting and RBLs, but I am ultimately only
> one voice.
> 
> Ethan

At different times I have had greylisting in place.  It helps *a lot*.  But I've turned it off each time due to complaints.

I am against RBLs.  I have had a lot of trouble with my own servers being put on RBLs along with entire /24s that I happen to be on.  They are an unmitigated pain in the neck, and I will not support them by being a user of them.

Luke
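
Added example (not part of the thread, and not pidgin.im's or darkrain42.org's own tooling): a way to tally, from a receiving server's Postfix log, which relaying hosts pass along mail whose envelope sender domain does not resolve, which is the condition reject_unknown_sender_domain rejects in the log line quoted above. The log lines, host names and addresses below are constructed samples.

```python
import re
from collections import Counter

# Postfix smtpd reject line, same shape as the one quoted in the thread.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?P<dsn>\d\.\d+\.\d+) <(?P<sender>[^>]*)>: "
    r"Sender address rejected: (?P<reason>[^;]+);"
)

def sender_domain(addr):
    """Domain part of an envelope sender; '' for the null sender <>."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def summarize(lines):
    """Count 'Domain not found' rejections per (relaying client, sender domain)."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or m["reason"].strip() != "Domain not found":
            continue  # unrelated log line, or a different rejection reason
        counts[(m["client"], sender_domain(m["sender"]))] += 1
    return counts

# Constructed sample log (documentation-range IPs, example domains).
PREFIX = "Jun 13 17:20:01 mx postfix/smtpd[2101]: "
SAMPLE_LOG = [
    PREFIX + "connect from relay.example.org[192.0.2.10]",
    PREFIX + "NOQUEUE: reject: RCPT from relay.example.org[192.0.2.10]: "
    "450 4.1.8 <apache@localhost.localdomain>: Sender address rejected: "
    "Domain not found; from=<apache@localhost.localdomain> "
    "to=<user@example.net> proto=ESMTP helo=<relay.example.org>",
    # The same message retried later: a 450 reply is temporary, so the relay requeues it.
    PREFIX + "NOQUEUE: reject: RCPT from relay.example.org[192.0.2.10]: "
    "450 4.1.8 <apache@localhost.localdomain>: Sender address rejected: "
    "Domain not found; from=<apache@localhost.localdomain> "
    "to=<user@example.net> proto=ESMTP helo=<relay.example.org>",
    PREFIX + "NOQUEUE: reject: RCPT from relay.example.org[192.0.2.10]: "
    "450 4.1.8 <www-data@web01.invalid>: Sender address rejected: "
    "Domain not found; from=<www-data@web01.invalid> "
    "to=<user@example.net> proto=ESMTP helo=<relay.example.org>",
    # Different rejection reason: must not be counted.
    PREFIX + "NOQUEUE: reject: RCPT from other.example.com[198.51.100.7]: "
    "554 5.7.1 <x@example.com>: Sender address rejected: Access denied; "
    "from=<x@example.com> to=<user@example.net> proto=ESMTP helo=<other>",
]

if __name__ == "__main__":
    for (client, domain), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  relay={client}  sender_domain={domain}")
```

Because the rejection is a 4xx reply, the relaying server keeps retrying, so repeat counts for one relay and domain can reflect retries of a single message rather than distinct messages.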


