[Postfixbuch-users] DOS_OUTLOOK_TO_MX

Django django at nausch.org
Mo Apr 14 23:20:39 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HI!

Am 14.04.2014 22:37, schrieb Django:

> In der AMaViS-Konfigdatei habe ich natürlich entsprechend,
> folgendes stehen: # Django : 2012-10-11 # default:
> $inet_socket_port = 10024; # $inet_socket_port = 10024;   # listen
> on this local TCP port(s) $inet_socket_port = [10024,10026];  #
> listen on multiple TCP ports
> 
> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks 
> originating => 1,  # is true in MYNETS by default, but let's make
> it explicit os_fingerprint_method => undef,  # don't query p0f for
> internal clients };
> 
> # it is up to MTA to re-route mail from authenticated roaming users
> or # from internal hosts to a dedicated TCP port (such as 10026)
> for filtering $interface_policy{'10026'} = 'ORIGINATING';
> 
> $policy_bank{'ORIGINATING'} = {  # mail supposedly originating
> from our users originating => 1,  # declare that mail was submitted
> by our smtp client allow_disclaimers => 1,  # enables disclaimer
> insertion if available # notify administrator of locally
> originating malware virus_admin_maps => [""], spam_admin_maps  =>
> [""], warnbadhsender   => 0, # forward to a smtpd service providing
> DKIM signing service # forward_method => 'smtp:[127.0.0.1]:10027', 
> # force MTA conversion to 7-bit (e.g. before DKIM signing) 
> smtpd_discard_ehlo_keywords => ['8BITMIME'], 
> bypass_banned_checks_maps => [1],  # allow sending any file names 
> and types terminate_dsn_on_notify_success => 0,  # don't remove
> NOTIFY=SUCCESS option };

O.K., wenn ich nun noch ein bypass_spam_checks_maps   => [1], in der
policy_bank{'ORIGINATING'} eingetragen würde, dann würde das
höchstwahrscheinlich das Problem mit der ganz großen Keule erschlagen,
da die SPAM-Bewertung für die eigenen Nutzer-eMails deaktiviert würde.
Würde dort nun ein client Amok laufen und spammen wir ein Weltmeister,
würde das natürlich sehr schnell die eigenen Reputation zu nichte
machen, oder?

service Django stop
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTTFEdAAoJEAdOz2FQpr/tNqIP/0g+X9JNvz96lkNeaXbSWslx
Sep9ewZjxBNKR7tgPbriynSaylUBBCrGbba4sm4cO9hYBpE2N2NvoYDjio/0TsBY
fF6Vu7Xxf4F1PkwxQCGXGNIs1Bx0XDINrkyMfeVoeqXe6bZwmehuByNf/0+zzlEP
LF5TEtwwGvwxk0CMuqQ8hOiV31MtlKL4nVHICYho41Mb6tVF5yprBIuGfpJ2ffa1
uxEm2mrECw0+7khoEW8Gsue5Hq6eKUsSLJecXu909Vj6xxBwVWnDzUHB/gfVALON
C8ikSFuS8qhFoaV5SctKGODtYQilUM4Viw5T9xFzSK+slQ/7h9IvPRZd0A3dKcAm
BtuCh+mSmh5uTclvKeBq8JZGGilSA0FEj+2CjlY4GV6IE2e2wnjhDXj6ytRsDYae
R56a0IRShB8chPCjrOuNxmIa11Sw2B4HV0FjLNooQA8UmXr2SveZywSmmlTX5/qX
e41o+gXpExekw2BM4BHzMkB65kbS4FpuAu6Vx4z6ARhPguG5vKWDjC1gG6T6hTCo
EQGK/t4AQp1aU8re6DKaXqKiNrrccMXNs1TctMGEbSKqMQcANBgfiVAmzTZOyeUK
IuYMKZU1caWF4wj6SHYf+J1auWpma5T7ClKn18Uq4ur6n31uOIil/QcF6dVns7Nk
pXtaYvkt4Gz89bpKyfr7
=Q4OE
-----END PGP SIGNATURE-----

Mehr Informationen über die Mailingliste Postfixbuch-users