stricter postfix settings

Paul Aurich paul at
Sun Jun 13 23:54:20 EDT 2010

On 2010-06-13 14:22, Ethan Blanton wrote:
> Paul Aurich spake unto us the following wisdom:
>> At John's suggestion, I'm bringing this up here.
>> It would be nice if the mail servers were a bit more
>> restrictive in what mail they accept.  In particular, my
>> ( mail server is routinely rejecting a message or two
>> coming from bogus domains:
>> postfix/smtpd: NOQUEUE: reject: RCPT from[]:
>> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
>> Domain not found; from=<apache at localhost.localdomain>
>> to=<paul at> proto=ESMTP helo=<>
> We have traditionally handled such things with per-user spam filters
> (spamprobe is available on rock, as is spamassassin; the latter can
> check for this condition).  I could be convinced to add this
> particular check to the default config, if there's general
> concurrence.  I find it annoying, myself, but basically everyone has
> to have their outgoing mail set up to spoof as necessary, anyway,
> since so many servers set it.

A [growing] number of people (myself included) with mail aliases don't
have accounts, so we can't set up spam filters.  (I also suspect a
.forward would use a valid sender address, though I don't think I've
looked.)  I might be the only one who compulsively reads all my logcheck
emails, though.

>> There might be other things that could be added (greylisting or pinging
>> an RBL come to mind), but I don't feel as strongly about those.
> I am personally opposed to both of these.  Greylisting slows down
> legitimate emails by a potentially long time (if mail servers are set
> conservatively, as they should be, it can reasonably be several
> hours).  As far as RBLs ... there are RBLs and then there are RBLs.
> I'd prefer to leave this up to the individual user's spam filters.
> I'll push back on both greylisting and RBLs, but I am ultimately only
> one voice.

I figure that's the general sentiment on both (and I don't think any
spam forwarded via reaches my inbox, so I don't care much).  I
thought I'd mention them just in case. :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Discussion mailing list