Current time: 11-15-2024, 05:05 PM Hello There, Guest! (LoginRegister)


Thread Closed 
Latest main.cf changes
Author Message
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #1
Latest main.cf changes
Hi there

I saw the latest main.cf changes:

Quote:smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
check_policy_service inet:127.0.0.1:60000,
check_policy_service inet:127.0.0.1:12525

You can skip the sender_restrictions. They are not necessary.

The recipient restriction is not optimal. At least:
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,

should match before permit_mynetworks and permit_sasl_authenticated...
11-03-2007 07:52 PM
Visit this user's website Find all posts by this user
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: Latest main.cf changes
You mean http://www.isp-control.net/ispcp/changeset/896 ??
So please reopen the Ticket and post your better solution.
Thanks!

Greez BeNe
11-03-2007 08:49 PM
Visit this user's website Find all posts by this user
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #3
RE: Latest main.cf changes
done

http://www.isp-control.net/ispcp/ticket/825#comment:2


PS: my 333 post ^^
(This post was last modified: 11-03-2007 09:18 PM by rbtux.)
11-03-2007 09:17 PM
Visit this user's website Find all posts by this user
Zothos Offline
Release Manager
*****
Dev Team

Posts: 1,262
Joined: Feb 2007
Reputation: 10
Post: #4
RE: Latest main.cf changes
hm, why do we need postgrey and! policyd-weight? Im using just policyd on my own box. And ist runnig fine. Lesser spam as with postgrey Wink

And a little idea, why dont add some random honeypots to each ispcp installation. Which will pollute our own dns black list Wink
11-04-2007 02:25 AM
Find all posts by this user
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #5
RE: Latest main.cf changes
Zothos Wrote:hm, why do we need postgrey and! policyd-weight? Im using just policyd on my own box. And ist runnig fine. Lesser spam as with postgrey Wink

i use a combination of both...

policyd-weight on each connection and postgrey selective for known dialin ranges (or rdns entry which looks like dynamic...)

But i don't think that the majority of the users here were capable of monitoring and administer such a solution. So the main aim should be make ispcp as spamresistant as possible out of the box WITHOUT any special knowledge needed for the admins... Thats my humble opinion...
11-04-2007 02:30 AM
Visit this user's website Find all posts by this user
raphael Offline
Member
***

Posts: 474
Joined: Apr 2007
Reputation: 8
Post: #6
RE: Latest main.cf changes
Quote:You can skip the sender_restrictions. They are not necessary.
they were already there; and I don't think people want anybody to use their server for sending emails
11-04-2007 04:19 AM
Visit this user's website Find all posts by this user
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #7
RE: Latest main.cf changes
the sender_restrictions has nothing to do with especially sending e-mails... the sender_restrictions restrict mails using information available after the mail from: command while recipient_restictions restrict mails based on information available after rhe rcpt: command

so within recipient restriction you can do all restrictions necessary. This is important when you add some black/whitelists. When you permit something within sender_restrictions you can't block that in the recipient_restrictions...
11-04-2007 04:30 AM
Visit this user's website Find all posts by this user
bodysplit Offline
Junior Member
*

Posts: 45
Joined: Nov 2007
Reputation: 1
Post: #8
RE: Latest main.cf changes
rbtux Wrote:so within recipient restriction you can do all restrictions necessary. This is important when you add some black/whitelists. When you permit something within sender_restrictions you can't block that in the recipient_restrictions...

I also have set only recipient restrictions, but I came to think about it after your post.

Wouldn't it speed up the mail processing if we knock out Spammers early? Wouldn't it be could to error out everyone we can, if we can, with the info we already have?

I'm just curious. I have the HELO/EHLO and the MAIL FROM. I don't need to know who the mail is for to kick out wrong HELOs or non-RFC sender-addresses.

The only point I can think of is the postmaster, who should always get mail. But on the other hand, even for a postmaster, at least the sender could check HELO and a RFC-formatted sender address.

Realy, I'm just wondering.
11-06-2007 07:55 PM
Find all posts by this user
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #9
RE: Latest main.cf changes
your point is not wrong...

But thats a few bytes per mail you have to get additionally...

The main advantage of this configuration comes in play when you add some additional maps (bogus_mx / white and blacklistings for sender/recipient/clients...) you can specify them at one point in the configuration and you don't have to worry about previous permits/blocks...

I personally like as much information possible in my log files...
11-06-2007 08:03 PM
Visit this user's website Find all posts by this user
bodysplit Offline
Junior Member
*

Posts: 45
Joined: Nov 2007
Reputation: 1
Post: #10
RE: Latest main.cf changes
Thanks rbtux, I understand that now.

I just hope, sometimes in the near future I can beat up GMX and Webmail or Google/Yahoo. Then, the mail-system would realy need to perform best.

Okay, I readjust my plans on taking over the world...
11-06-2007 08:12 PM
Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)