Postfix Anti-spam settings

Mindwatering Incorporated

Author: Tripp W Black

Created: 08/18/2004 at 08:21 PM

 

Category:
OS X Configuration
Mail Service

Note: Postfix processes the restrictions in linear order, and stops processing at the first match.

The following are common anti-spam settings that can be added to the main configuration file (main.cf).

reject_unknown_sender_domain
Postfix checks the domain of the sender-supplied mail address (in the MAIL FROM portion of the SMTP transaction) for valid A or MX DNS records. If none are found, the mail is rejected.

reject_unknown_recipient_domain
Postfix will reject mail if the supplied recipient domain lacks a valid A or MX DNS record.

permit_mynetworks
Postfix will accept the e-mail transaction if the destination matches one of the entries in the $mynetworks variable in main.cf. This is particularly useful when your server is acting as a central mail router for machines within your network space.

reject_unauth_destination
Postfix will reject the e-mail unless the mail is directed toward a host that Postfix considers valid, such as one for which your server relays, or a virtual domain that Postfix manages.

reject_unauth_pipelining
Postfix will reject mail sent by poorly written SMTP software that doesn’t understand how to perform command pipelining. Generally speaking, spammerware meets the description of 'poorly written SMTP software'.

reject_invalid_hostname
Postfix will reject the e-mail if the hostname supplied in the HELO or EHLO command in the SMTP transaction is formatted improperly, a common spammer tactic.

reject_non_fqdn_hostname
Postfix will reject the e-mail if the hostname supplied in the HELO or EHLO command is not a fully-qualified domain name, another common spammer tactic.

reject_maps_rbl
Postfix polls any hosts listed in the maps_rbl_domains definition to see if the IP address of the server attempting to deliver mail to us is listed there. If so, the mail is rejected.

reject_unknown_client
Postfix will reject the e-mail if the machine attempting delivery doesn’t have a PTR DNS record. (Basically, this will block connections from random IP addresses without any associated name information.)

permit
The terminal condition—any mail that isn’t rejected by any of the conditions above will be accepted.

This list came originally from AFP.
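
The first-match rule from the note at the top, shown as a small Python model that is added here and is not code from the original page or from Postfix. The networks, domains, sessions and DNS results are constructed sample values, the FQDN test is simplified, and permit_mynetworks is modelled the way Postfix documents it, by matching the connecting client's IP address against $mynetworks.

```python
import ipaddress

# Constructed sample values, not taken from the page.
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # stands in for $mynetworks
LOCAL_DOMAINS = {"example.org"}                       # domains this server accepts mail for

def _in_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return any(ip in net for net in MYNETWORKS)

# Each check returns "PERMIT", "REJECT", or None (no match: try the next one).
# DNS results are supplied as booleans in the session so the model runs offline.
CHECKS = {
    "reject_unknown_sender_domain":
        lambda s: None if s["sender_domain_resolves"] else "REJECT",
    # Postfix documents permit_mynetworks as matching the client IP address.
    "permit_mynetworks":
        lambda s: "PERMIT" if _in_mynetworks(s) else None,
    "reject_unauth_destination":
        lambda s: None if s["rcpt"].rsplit("@", 1)[-1] in LOCAL_DOMAINS else "REJECT",
    # Simplified FQDN test: the HELO name must contain a dot.
    "reject_non_fqdn_hostname":
        lambda s: None if "." in s["helo"].strip(".") else "REJECT",
    "permit":
        lambda s: "PERMIT",
}

def evaluate(restrictions, session):
    """Walk the list in order; return (decision, name of deciding restriction)."""
    for name in restrictions:
        decision = CHECKS[name](session)
        if decision is not None:
            return decision, name
    return "DUNNO", None   # nothing matched; a list ending in "permit" never gets here

PAGE_ORDER = ["reject_unknown_sender_domain", "permit_mynetworks",
              "reject_unauth_destination", "reject_non_fqdn_hostname", "permit"]
HELO_FIRST = ["reject_non_fqdn_hostname"] + [r for r in PAGE_ORDER
                                             if r != "reject_non_fqdn_hostname"]

# Constructed sessions: an internal host with a bare HELO name, and an outside
# host asking this server to relay to a domain it does not handle.
internal = {"client_ip": "192.0.2.10", "helo": "workstation",
            "rcpt": "bob@remote.example", "sender_domain_resolves": True}
external = {"client_ip": "203.0.113.7", "helo": "mail.remote.example",
            "rcpt": "bob@remote.example", "sender_domain_resolves": True}

if __name__ == "__main__":
    for label, order, sess in [("internal, page order", PAGE_ORDER, internal),
                               ("internal, HELO check first", HELO_FIRST, internal),
                               ("external relay request", PAGE_ORDER, external)]:
        print(label, "->", evaluate(order, sess))
```

In the page's order the internal host is accepted by permit_mynetworks before its bare HELO name is ever examined; moving the HELO check ahead of permit_mynetworks rejects the same session.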
