Am 24.02.2015 um 19:48 schrieb Adrian Minta:
On 24.02.2015 20:40, Reindl Harald wrote:
Am 24.02.2015 um 19:37 schrieb Adrian Minta:
On 24.02.2015 20:29, Reindl Harald wrote:
don't allow senders which you would not receive mail for - period
Seems interesting, at least until the bots adapt to this. Any idea how could this be implemented?
with the configuration i have posted in that thread?
for me that was a prerequisite before even consider put my first mailserver setup on a public IP and that's enforced even on any webserver here by shared database tables
Ups ... sorry, reject_authenticated_sender_login_mismatch from smtpd_sender_restrictions ofc. I was thinking about not accepting mails from users/ip witch don't do a least one pop3 or imap read before sending
pop-before-smtp was a completly broken idea 15 years ago and is now much more after having a ton of clients behind carrier-grade NAT (mobile devices and all that stuff)
- implement SMTP auth properly
- enforce SMTP auth unconditionally
- don't allow foreign sender domains
if you can't do that 3 things don't run a public mailserver