Postfix

Un article de Le wiki de 2 noisettes - noisette.ch.


Adds on

Configuration

  • helo_invalid_hostname
Helo command rejected: Invalid name; 
  • helo_unknown_hostname
Helo command rejected: Host not found;



#
# SMTP procedure                                        # which rule is triggered at this time
#
# open connexion to mailserver.com                      # smtpd_client_restrictions
# HELO mailserver.com                                   # smtpd_helo_restrictions
# MAIL FROM: <account@mailserver.com>                   # smtpd_sender_restrictions
# RCPT TO: <anotheraccount@anothermailserver.com>       # smtpd_recipient_restrictions
# DATA                                                  # smtpd_data_restrictions
# close connexion


# vers quel(s) serveur(s) forwarder les mails
transport_maps = hash:/etc/postfix/transport
# domaines a forwarder
relay_domains = $transport_maps
# ajout d'amavisd-new
#content_filter = smtp-amavis:[127.0.0.1]:10024


#
# Perform some check at the connexion of the client
#
smtpd_client_restrictions =
       reject_rbl_client relays.ordb.org               # Reject client 11.22.33.44 if host 44.33.22.11.relays.ordb.org as the value 127.0.0.2
#
# Perform some check on the HELO/EHLO command
#
smtpd_helo_restrictions =
       permit_mynetworks
       reject_invalid_helo_hostname                    # Reject the request when the hostname syntax is invalid.
       reject_unknown_helo_hostname                    # Reject the request when the hostname no DNS A or MX record.


#
# Perform some check on the MAIL FROM: command
#
smtpd_sender_restrictions =
       reject_unknown_sender_domain                    # Reject when MAIL FROM address has no DNS A or MX record
       reject_non_fqdn_sender


#
# Perform some check at the RCPT TO command
#
smtpd_recipient_restrictions =
       permit_mynetworks                               # Permit everything listed in $mynetworks
       reject_non_fqdn_recipient                       # Reject when RCPT TO is not fqdn as required by the RFC
       reject_unknown_recipient_domain                 # Reject when RCPT TO address has no DNS A or MX record
       check_policy_service unix:private/postgrey      # /var/spool/postfix/private/postgrey socket
       reject_unauth_destination                       # Reject everything that is not in $relay_domains, $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains


--> http://bind8nt.meiway.com/itsaDNSmess.cfm
--> http://www.postfix.org/docs.html