Got Postfix now what?

live4bacon at optonline.net live4bacon at optonline.net
Tue Feb 24 03:12:14 UTC 2004


Thank you Roger,
For the wonderful information (especially the links to discover if my server is an open relay!!!)

Thanks again for this wonderful e-mail. This is exactly what I was looking for.

Thanks again!!,
JP
----- Original Message -----
From: Roger Grosswiler <roger at gwch.net>
Date: Monday, February 23, 2004 2:18 am
Subject: Re: Got Postfix now what?

> > On Sun, 2004-02-22 at 14:54, WA9ALS - John wrote:
> [snip]
> > No offense, but this needs to be incremental and PLANNED.
> [/snip]
> hello jwp,
> 
> so i understand you well, as i learned it the same way as you, but began
> without community and ended up on a realtime-blackhole-list-server with
> about 25 entries...it took me weeks, get my domain from the list...save
> this time.
> 
> Here is a proposal, what i inserted at the end of my main.cf, just for some
> security reasons. You find a lot of explanations for this at
> http://www.postfix.org
> 
> #
> # Security
> smtpd_helo_restrictions = reject_unauth_pipelining
> #smtpd_sasl_auth_enable = yes
> #smtpd_sasl_security_options = noanonymous
> #broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions =  reject_unknown_sender_domain,
>                                reject_non_fqdn_sender,
>                                permit_mynetworks,
> # needed, if you do pop-before-smtp and some rbl-checkups:
>                                check_client_access hash:/etc/postfix/pop-before-smtp,
>                                reject_unauth_destination,
>                                reject_rbl_client bl.spamcop.net,
>                                reject_rbl_client relays.ordb.org,
>                                reject_rbl_client proxies.relays.monkeys.com,
>                                reject_rbl_client sbl.spamhaus.org,
>                                permit
> 
> 
> also, make sure, that you have clean entries in your main.cf for $mydomain
> and $myhostname. Make sure, that you do not let relay something outside
> your private ip-range with the mynetworks-parameter:
> 
> myhostname = host.domain.net
> mydomain = domain.net
> mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8
> 
> Also think about installing something like Amavis or equivalent to do
> virus- and spamchecking whilst your smtp-server (postfix) is receiving
> mail.
> 
> you can check your mailserver for being an open relay or not on the
> following URLs:
> 
> http://www.relaycheck.com/test.asp
> http://www.antispam-ufrj.pads.ufrj.br
> 
> make also sure, that if you have a proxy installed, it is hidden behind
> your firewall, because otherwise, a spammer could also use your server
> with this.
> 
> For your thing with the mailboxes:
> 
> you will find in /etc/xinetd.d a file called imap and imaps and pop and
> pop3s (or so...)
> 
> edit them and change the line disabled from yes to no. save the files and
> restart xinetd with '/sbin/service xinetd restart'.
> 
> This should already make working your imap-server. You can check this
> doing a 'telnet localhost imap'. This should give you a list of some
> capabilities of your imap-server. You can quit with 'a01 logout'.
> 
> Local delivery is done already in postfix, so mails will get delivered in
> the home-directories of the users.
> 
> remember, that your e-mail-addresses are the same like your usernames. If
> this is not the wish, do 'man aliases', this makes you more flexible.
> 
> i know this is a lot of info, perhaps you already have this. Also my
> entries about security are not the last of wisdom...it's an ongoing
> process...
> 
> HTH
> Roger
> 
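A static check of the two relay points made in the quoted message (mynetworks limited to private ranges, and reject_unauth_destination present in smtpd_recipient_restrictions with no bare permit ahead of it), as an added example that is not part of the original thread. The function names, the sample file text and the choice of RFC 1918 plus loopback as "private" are assumptions of this example; it looks only at those two parameters.

```python
import ipaddress
import re

# Ranges treated as "private" here: RFC 1918 plus loopback (an assumption of this example).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample modelled on the settings quoted above, not a real host's file.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8
smtpd_recipient_restrictions = reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        permit_mynetworks,
# a comment line inside a continued value is skipped
        check_client_access hash:/etc/postfix/pop-before-smtp,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        permit
"""

def parse_main_cf(text):
    """Return {parameter: value}, folding continuation lines into one value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                        # blank and comment lines
        if raw[0].isspace() and current:    # leading whitespace continues a value
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (s.strip() for s in raw.split("=", 1))
            params[current] = value
    return params

def audit_relay(text):
    """Return findings that point at a possible open relay."""
    params, findings = parse_main_cf(text), []
    for entry in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue                        # empty token or table lookup: not judged
        if not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE):
            findings.append(f"mynetworks trusts non-private range {entry}")
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("reject_unauth_destination is missing")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("permit comes before reject_unauth_destination")
    return findings
```

An empty result from `audit_relay` means only that these two settings look sane; it does not replace an external relay test.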