Re: Hardware considerations for mail/directory

[Craig Sanders <cas@taz.net.au>]

On Fri, Mar 31, 2006 at 02:15:21PM -0700, joshua sahala wrote:

> Note that this is only as a backup-mx/relay service for customers, no
> IMAP/POP, or complex spam/virus filtering. This is done with Postfix
> (everything that can be hashed has been):
> 
> smtpd_recipient_restrictions = 
>         reject_unauth_pipelining,
>         reject_rbl_client $MY_RBL_SERVER,
>         reject_non_fqdn_recipient,
>         reject_non_fqdn_sender,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         reject_non_fqdn_hostname,
>         reject_invalid_hostname,
>         reject_unverified_sender,
>         permit_mx_backup,
>         reject_unauth_destination,
>         reject

this sounds like a backscatter hellhole - because you dont have a
relay-recipient map. without that, it is a *dis*-service to both your
customers and the rest of the net.

note that spammers and viruses STILL target secondary/backup MX
servers....and 99.9999% of the time your customers only THINK they need
a backup MX (mostly because they're relying on obsolete advice from over
a decade ago when backup MX servers weren't such a bad idea). these days
they are rarely needed, and generally cause a lot more trouble than they
are worth.


it would be far better to set up something that allows your customers to
upload lists of valid addresses in their domain(s) and then construct
a relay_recipient map from that.



craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)