Differences

This shows you the differences between two versions of the page.

--- postfix [2006/03/08 09:05]
greebo
+++ postfix [2008/02/06 12:34]
86.58.4.25 over-quota & reject_unverified_recipients
@@ Line 1: / Line 1: @@
 ====== Postfix ======
 ==== Useful links ====
   * [[http://www.securitysage.com/antispam/]]
+  * [[http://openrbl.org/|OpenRBL check]]
+  * [[http://www.rfc-ignorant.org/]]
+  * [[http://www.acme.com/mail_filtering/]]
+  * [[http://www.pantz.org/os/openbsd/postfix-spamd-dovecot.shtml|Some useful postfix rules]]
+  * [[http://blog.dkorunic.net/|Spam Ninjas - Dinko Korunic’s blog]]
 ===== TODO =====
   * **berljivost clanka**
+  * **RAZLICNI SCENARIJI**
   * vrstni red
   * razlicni scenariji
@@ Line 20: / Line 28: @@
   unverified_sender_reject_code = 550
+===== Different Setups =====
+  * [[postfix:mx|Postfix as MX server]]
+  * [[postfix:smtp|Postfix as SMTP relay]]
+  * [[postfix:smtp-auth|Postfix with SMTP-auth]]
+  * [[postfix:asrelay|Postfix as relaying server (to Exchaneg/Domino)]]
+  * [[postfix:advance|Advance postfix hacks]]
 ===== Cool :) postifx hacks =====
@@ Line 44: / Line 58: @@
     /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK
     /./ IGNORE
@@ Line 50: / Line 65: @@
 ''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.''
+-02-06 (b) Not necessarily. If you use reject_unverified_recipient, cyrus LMTP rejects mail for over-quota mailbox and Postfix rejects them at SMTP stage.
+----------------
-----------------
 ===== Unsorted stuff =====
@@ Line 80: / Line 96: @@
 Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays.
 ===
+tired of  "postfix/smtpd : OTP unavailable because can't read/write key database"
+add to /etc/postfix/sasl/smtp.conf
+mechlist: plain login crammd5 digestmd5
+or try this:
+cd /usr/lib/sasl2
+mkdir deactivated
+mv *otp* deactivated
+# for good measure
+mv *ntlm* deactivated
 =============
@@ Line 123: / Line 152: @@
 out that many clients won't accept a REJECT after the (HELO|MAIL
 FROM:connect) and would return every second.
+===== ABKO ====
+check_*_mx_access cidr:/etc/postfix/sender_mx_access.cidr
+.0.0.0/8	REJECT Domain MX in broadcast network
+.0.0.0/8	REJECT Domain MX in RFC 1918 private network
+.0.0.0/8	REJECT Domain MX in loopback network
+.254.0.0/16	REJECT Domain MX in link local network
+.16.0.0/12	REJECT Domain MX in RFC 1918 private network
+.0.2.0/24	REJECT Domain MX in TEST-NET network
+.168.0/16	REJECT Domain MX in RFC 1918 private network
+.0.0.0/4	REJECT Domain MX in class D multicast network
+.0.0.0/5	REJECT Domain MX in class E reserved network
+.0.0.0/5	REJECT Domain MX in reserved network
 ==========
@@ Line 217: / Line 261: @@
 smtpd_recipient_restrictions =
-	reject_unauth_pipelining,
+#	reject_unauth_pipelining, http://www.irbs.net/internet/postfix/0311/1455.html
 	reject_non_fqdn_sender,
 	reject_non_fqdn_recipient,
@@ Line 228: / Line 272: @@
 	reject_rbl_client dnsbl.sorbs.net
 	reject_unauth_destination
+smtpd_data_restrictions =
+	reject_unauth_pipelining
 #mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
@@ Line 282: / Line 329: @@
   dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!
+**B wrote**
+To matchne vsak hostname, v katerem se pojavi ".dsl."
+ali ce hoces bit natancen:
+/^.*\.dsl\..*$/ (^ in $ sta zacetek in konec stringa, na zacetku in koncu stringa je lahko karkoli (.*), nekje v stringu pa je tudi ".dsl.")
 /etc/postfix/sender_checks