From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Greylisting vs. reject_rbl_client
Date: Fri, 25 Aug 2006 10:33:58 -0700 [thread overview]
Message-ID: <44EF3486.7060608@badapple.net> (raw)
In-Reply-To: <49bf44f10608250806w1de2b8fcpce24b70e7eeb4c56@mail.gmail.com>
Grant wrote:
>> I'd be careful with non_fqdn_hostname
>
> What's wrong with that? Here's how the postfix docs describe it:
>
> reject_non_fqdn_helo_hostname (with Postfix < 2.3:
> reject_non_fqdn_hostname)
> Reject the request when the HELO or EHLO hostname is not in
> fully-qualified domain form, as required by the RFC.
Nothing is wrong with it, but that tends to be the one that bounces the
most mail erroneously at least for me. In a perfect world there would be
no problem with it, but in reality we have MS 2003 boxes reporting
themselves as 2003WS-01 without a FQDN when they attempt to relay.
>> > smtpd_sender_restrictions =
>> > permit_mynetworks,
>> > reject_non_fqdn_sender,
>> > reject_unknown_sender_domain,
>> > permit
>> > smtpd_recipient_restrictions =
>> > permit_mynetworks,
>> > reject_non_fqdn_recipient,
>> > reject_unknown_recipient_domain,
>> > reject_unauth_destination,
>> > permit
>>
>> That's pretty much what I run and you might want to look at
>> smtpd_data_restrictions as well.
>
> What do you use with smtpd_data_restrictions? I was considering
> reject_unauth_pipelining but the docs have me confused with the "Note"
> below:
>
> reject_unauth_pipelining
> Reject the request when the client sends SMTP commands ahead of time
> where it is not allowed, or when the client sends SMTP commands ahead
> of time without knowing that Postfix actually supports ESMTP command
> pipelining. This stops mail from bulk mail software that improperly
> uses ESMTP command pipelining in order to speed up deliveries.
> Note: reject_unauth_pipelining is not useful outside
> smtpd_data_restrictions when 1) the client uses ESMTP (EHLO instead of
> HELO) and 2) with "smtpd_delay_reject = yes" (the default). The use of
> reject_unauth_pipelining in the other restriction contexts is
> therefore not recommended.
er hmmm, I'm still using Postfix 2.2 which doesn't have all the neat 2.3
stuff yet. In 2.2 you'd put pipelining under smtpd recipient
restrictions, but it appears that would cause some issues in 2.3 though
just setting it under data restrictions would work fine if I'm reading
it right.
kashani
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2006-08-25 17:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-21 23:55 [gentoo-user] Greylisting vs. reject_rbl_client Grant
2006-08-22 0:40 ` kashani
2006-08-22 3:07 ` Grant
2006-08-22 3:28 ` Grant
2006-08-24 5:19 ` Nick Rout
2006-08-24 23:08 ` Grant
2006-08-25 0:42 ` kashani
2006-08-25 7:44 ` Neil Bothwick
2006-08-25 15:06 ` Grant
2006-08-25 17:33 ` kashani [this message]
2006-08-25 18:02 ` Preston Hagar
2006-08-25 18:23 ` kashani
2006-08-25 21:24 ` Preston Hagar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44EF3486.7060608@badapple.net \
--to=kashani-list@badapple.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox