[bglug] Re: Re: Re: Sistemistica: Postfix in situazioni particolari.

Manuel manetta@mediacom.it
Ven 15 Apr 2005 16:27:24 CEST


paradox ha scritto:

> Ora viste le 
> possibilità built-in che offre postfix (utilizzo l'ultima versione 
> stabile 2.2.2) avevo pensato ad una cosa di questo tipo:
[cut]

io uso queste, e mi trovo abbastanza bene:

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =  check_sender_access 
hash:/etc/postfix/access,
             check_recipient_access hash:/etc/postfix/access,
             check_client_access hash:/etc/postfix/access,
             permit_mynetworks,
             reject_unknown_recipient_domain,
             reject_unknown_sender_domain,
             reject_unauth_destination,
             reject_unauth_pipelining,
             reject_invalid_hostname,
             reject_non_fqdn_sender,
             reject_non_fqdn_recipient,
             reject_rhsbl_client blackhole.securitysage.com,
             reject_rhsbl_sender blackhole.securitysage.com,
             reject_rbl_client sbl-xbl.spamhaus.org,
             reject_rbl_client list.dsbl.org,
             reject_rbl_client bl.spamcop.net,
             reject_rbl_client dnsbl.njabl.org,
             reject_rbl_client korea.services.net,
             reject_rbl_client l1.spews.dnsbl.sorbs.net,
             reject_rbl_client dul.spews.dnsbl.sorbs.net,
             reject_rbl_client dul.dnsbl.sorbs.net,
             reject_rbl_client relays.ordb.org,
             reject_rbl_client combined.njabl.org,
             reject_rbl_client cbl.abuseat.org

che comunque, qualche problemino portano, visto che nel file access ho 
dovuto mettere:

katamail.com                            OK
inwind.it                               OK
libero.it                               OK
lombardiacom.it                         OK
register.it                             OK
softcare.it                             OK
tiscali.it                              OK
tiscalinet.it                           OK
tin.it                                  OK
virgilio.it                             OK

(più tanti altri meno noti)




> #per evitare open-relay
> relay_domains =

a parte che devi mettere
relay_domains = $mydestination

ma la direttiva più importante è
mynetworks = 127.0.0.0/8 , <tua classe ip>


Ciao
Manuel


Maggiori informazioni sulla lista bglug