-3

I want to configure Postfix to reject spam from the Internet. I found the following example here:

smtpd_client_restrictions = permit_mynetworks, reject

smtpd_helo_restrictions = reject_unknown_helo_hostname

smtpd_sender_restrictions = reject_unknown_sender_domain

smtpd_relay_restrictions = permit_mynetworks, 
permit_sasl_authenticated,
reject_unauth_destination

smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated,
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org

smtpd_data_restrictions = reject_unauth_pipelining

But when I sent an e-mail to my domain from a Gmail account it got blocked. I then changed:

smtpd_client_restrictions = permit_mynetworks, reject

to:

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname

and now my mail server seems to work.

Is this example provided by postfix.org a best practise or should I strengthen/weaken it?

user8056359
  • 171

1 Answers1

0

That's

Examples of simple restriction lists

It doesn't even try to be an example of a good overall configuration to prevent SPAM. You have removed the comment lines that clearly states what each of the examples are doing, e.g.

# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject

It does exactly that, thus it rejects all mail from the Internet.

Esa Jokinen
  • 52,963
  • 3
  • 95
  • 151