Re: need help configuring hosts.deny

To: debian-user@lists.debian.org
Subject: Re: need help configuring hosts.deny
From: armitage@freaks.com (Brandon High)
Date: Wed, 25 Apr 2001 15:21:05 -0700
Message-id: <[🔎] 20010425152104.B13355@schitzo.freaks.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.21.0104250937060.4211-100000@onix.sacred-key.org>; from sebas@sacred-key.org on Wed, Apr 25, 2001 at 09:44:00AM +0200
References: <[🔎] Pine.LNX.4.21.0104250937060.4211-100000@onix.sacred-key.org>

On Wed, Apr 25, 2001 at 09:44:00AM +0200, Sebastiaan wrote:
> 
> I have reason to belive that my computer is used as a relay host for
> spam. Walking through the logs, I found one ip number which has no ip
> name, but it connects the computer every hour or so and sends some mail.

Try doing this in /etc/postfix/main.cf:
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender

Basically, if the IP for the advertised hostname doesn't match the DNS
return, deny. Deny if a HELO or EHLO wasn't sent. Deny any made up domain
names. Deny if there is no address associated with the IP, or the domain is
not fully quallified.

You might also want to do:
maps_rbl_domains = blackholes.mail-abuse.org dialups.mail-abuse.org relays.mail-abuse.org
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl

-B

-- 
Brandon High                                     armitage@freaks.com
Money can't buy happiness. But it sure makes misery easier to live with.

Reply to:

References:
- need help configuring hosts.deny
  - From: Sebastiaan <sebas@sacred-key.org>

Prev by Date: Re: ALSA problems in Debian/unstable
Next by Date: Re: debian newbie "tip-of-the-day" signature script
Previous by thread: Re: need help configuring hosts.deny
Next by thread: Re: need help configuring hosts.deny
Index(es):
- Date
- Thread