postfix-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Query - Unknown Sender Domain

from Peter Justus [Permanent Link]
Subject: Query - Unknown Sender Domain
From: "Peter Justus" <peter AT acunet.co DOT za>
To: <postfix-users AT postfix DOT org>
Date: Fri, 10 Aug 2007 12:55:39 +0200
Hi List
 
I wonder if anybody could comment on the following for me, I am fairly new to Postfix and am learning steadily, I have set the smtpd_restrictions and others (highlighted in bold below) in an attempt to stop spammers and general nastiness happening on the server, which has helped in my opinion tremendously, the problem I have is that we have a lot of legitimate senders/clients that send to us that have experienced the inability to send to our domain, as a last resort I physcially add the offending hosts/addresses to a access "whitelist" , unfortunately the bossman has approached me shouting blasphemies at current mailserver config and that it is too restrictive and he wants it open irrespective, which for all intents and purposes might/may not be the best move, what are the thoughts of those that are in the know with regards to commenting out the "helo" restrictions in the main.cf file, is there another way around this problem, as I see that there are many a mail server which is misconfigured out in "www Land", I really don't want to have to open up the mail server to abuse from them nasty "Spam Lovers" 
 
"postconf -n" output as below
 
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
multi_recipient_bounce_reject_code = 554
mydestination = mail02.africanrainbow.com, localhost, localhost.localdomain
myhostname = mail02.africanrainbow.com
mynetworks = 127.0.0.0/8, hash:/etc/postfix/network_relay
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps   $relocated_maps  $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
receive_override_options = no_address_mappings
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access,    check_client_access hash:/etc/postfix/access,permit_sasl_authenticated,      permit_mynetworks,      reject_non_fqdn_sender, reject_non_fqdn_recipient,      reject_unknown_sender_domain,        reject_unknown_recipient_domain,        reject_non_fqdn_helo_hostname,  reject_unauth_destination,  reject_invalid_hostname,         reject_unknown_helo_hostname,   reject_unauth_pipelining,       reject_non_fqdn_hostname,   permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_address,
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwarding.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_create_maildirsize = yes
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_maildir_limit_message = "User Quota Exceeded, Please try again shortly"
virtual_overquota_bounce = yes
virtual_uid_maps = static:5000
 
Regards
 
Peter
 
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Postfix local problem, Jim Potter
Next by Date:  connect from unknown[unknown], Justin Piszcz
Previous by Thread:  postfix+ldap: sending to a list (of users), Marc Cuypers
Next by Thread:  Re: Query - Unknown Sender Domain, Ralf Hildebrandt
Indexes:  [Date] [Thread] [Top] [All Lists]