[LUNI] Re: sendmail - I have a dirty box

[William Pietri]

Martin Maney wrote:
> On Sun, Aug 20, 2006 at 12:38:42PM -0700, Ramin K wrote:
>   
>> Adding these sorts of statements to Postfix stops most of this nonsense 
>> from getting into your network.
>>
>> smtpd_recipient_restrictions =
>>         reject_invalid_hostname,
>>         reject_non_fqdn_recipient,
>>         reject_non_fqdn_sender,
>>         reject_unknown_sender_domain,
>>         reject_unknown_recipient_domain,
>>         reject_unauth_pipelining,
>>     
>
> In the best of all possible worlds, this would all be not only
> reasonable, it would be the clearly right thing to do.  In the world we
> inhabit, which is but a pale shadow of that utopia, I've seen email
> from real companies that I wanted to receive get caught by some of
> these.  invalid_hostname and/or unknown_sender_domain might have been
> the culprits - it's been too long since I last messed with these
> settings, and it's too late to be motivated to check.  :-/
>   

If your mail volume is modest, one strategy is to set these to return a 
temporary failure. A lot of spammers will only try once, so you skip a 
lot right there. Then you can keep an eye on your nightly mail reports 
and make exceptions when necessary. You could also probably do something 
easy and automated with a whitelist based on outgoing mail info.

I've done that for several years and it has worked pretty well for me.

William