[Postfixbuch-users] Whitelist und smtpd_recipient_restrictions
Udo Neist
postfix at singollo.de
Mi Nov 17 11:55:59 CET 2004
Am Mittwoch November 17 2004 11:39 schrieb Tobias Neumann:
> Die Parameter reject_non_fqdn_sender bzw.
> reject_non_fqdn_recipient beziehen sich auf den Domain-Namen in
> den Absender- bzw. Empfängeradressen, während die Fehlermeldung
> auf ein ungültiges HELO-Kommando hindeutet. Eventuell sind die
> Parameter
> reject_invalid_hostname oder permit_naked_ip_address gesetzt,
> beide werten den beim HELO angegebenen Hostnamen aus.
Zur Einfachheit mal postconf -n:
alias_database = hash:/etc/aliases,
hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp:127.0.0.1:10024
daemon_directory = /usr/lib/postfix
delay_warning_time = 5
disable_dns_lookups = no
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_exceptions = root
message_size_limit = 26214400
mydestination = $myhostname, $mydomain
mydomain = singollo.de
myhostname = h8239.singollo.de
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
notify_classes = resource, software, delay
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/certs/singollo.pem
smtp_tls_cert_file = /etc/postfix/certs/singollo.pem
smtp_tls_cipherlist = HIGH:@STRENGTH
smtp_tls_key_file = /etc/postfix/certs/singollo.pem
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name NO_SPAM_ALLOWED_HERE
smtpd_client_restrictions = permit_mynetworks,
reject_invalid_hostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client
ix.dnsbl.manitu.net, reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl.spamhaus.org, reject_rbl_client
list.dsbl.org, reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org, reject_rbl_client
ix.dnsbl.manitu.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/singollo.pem
smtpd_tls_cert_file = /etc/postfix/certs/singollo.pem
smtpd_tls_key_file = /etc/postfix/certs/singollo.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
virtual_alias_domains = serverkompetenz.net
virtual_alias_maps = hash:/etc/postfix/virtual
Gruß
Udo
--
panic("Foooooooood fight!");
2.2.16 /usr/src/linux/drivers/scsi/aha1542.c
Mehr Informationen über die Mailingliste Postfixbuch-users