[PREV] | [UP] | [NEXT]

Some tips on postfix security

These rules almost speak for themselves:

# some settings to make life easier smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client bl.spamcop.net, reject_rbl_client relays.ordb.org, reject_rbl_client sbl.spamhaus.org, reject_unauth_destination smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain #getting rid of slow hosts transport_maps = hash:/etc/postfix/transport deadbeats_destination_concurrency_limit = 50

For the slow hosts, you also need a line added to master.cf:

deadbeats unix - - n - - smtp -o smtp_connect_timeout=5 -o smtp_helo_timeout=5

You will also need to create two files:
/etc/postfix/transport

TRANSPORT(5) # transport - format of Postfix transport table # hotmail.com deadbeats: yahoo.com deadbeats: myokay.net deadbeats: freenet.de deadbeats: earthlink.net deadbeats: getnet.it deadbeats: freemail.com.au deadbeats: byte.it deadbeats:

and /etc/postfix/access

mail.ru REJECT 127.0.0.1 OK

Run postmap access, postmap transport, after creating these files, then run postfix reload.

[PREV] | [UP] | [NEXT]