Am 23.09.2014 um 20:09 schrieb Henry Stack:
On 23-09-2014 12:31, Reindl Harald wrote:
[...] no reason for that: smtpd_data_restrictions = reject_unauth_pipelining
its goood, the reason is to block clients who speak to early like spammers for example. http://www.postfix.org/postconf.5.html#reject_unauth_pipelining "This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries."
but nobody needs "smtpd_data_restrictions" for that just add it to "smtpd_recipient_restrictions"
if you want to block spammers it's anyways the wrong tool
- use port 587 for submission
- setup http://www.postfix.org/POSTSCREEN_README.html on port 25
- postscreen_greet_action = enforce
- postscreen_greet_wait = ${stress?2}${stress:10}
with the above configuration on port 25 a sane client has to wait 10 seconds before he is allowed to talk the first time and only after passed that it has a chance to talk to smtpd at all
well, and then you can configure "postscreen_dnsbl_sites" and "postscreen_dnsbl_action = enforce" with a sensible scoring and you are rid of 90% spam at all