DevHeads.net

Postings by Nick Howitt

Is it possible to use header checks on multiple headers

I am receiving some not very nice spam and I was wondering if I could
use as a single filter:

Return-Path: is not from my domain

Or am I using completely the wrong tool for this?

Thanks,
Nick

reject_unknown_reverse_client_hostname query

I have the follosing restrictions in main.cf:

smtpd_client_restrictions = permit_mynetworks,
reject_unknown_reverse_client_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_invalid_hostname, check_policy_service
unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining,
reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_desti

Assistance to protect from spam flood

Hi all,
Until recently I did not receive too much spam and had it pretty-much
under control. This week has gone mental. So far this week I have
received 29860 connection attempts form {some_random_number}@qq.com to
{the_same_random_number}@howitts.co.uk.

I have a mail server and two backup MX servers and most of the mail is
arriving via one of the backup servers.

Can this sort of spam be easily and safely blocked in postfix

Hi,
In the last few weeks I've seen a increase in the number of e-mails with
nasty .doc or .xls files, generally with some sort of invoice supposedly
in them. Can postfix be reliably configured to block them at source.

Authentication query

Hi,

I'm afraid I struggle a bit with understanding all the various
restrictions with their meaning and where they are applied to so can I
please have some help?

Last night I noticed one IP address repeatedly trying to authenticate on
port 25, trying different user names until he finally went away on his
own accord. I have a small family server at home and I have no need for
any valid user on my LAN to authenticate so I have permit_mynetworks in
my restrictions.

Certificate only authentication on 587

<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
Following previous conversations here I have user/pass
authentication working on 587. I am hoping to take this one stage
further by using certificate authentication, perhaps without
user/pass authentication, but I am failing. The client I am using is
K-9 mail and to an extant I have been using the following two
guides:

Default actions on restrictions

<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
I am trying to set up authentication on 587 and I'm struggling with
the postfix implementation in ClearOS. I have a restriction:

How do I get User/Password authentication on 587 only for relaying

<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
Up to now I have been using postfix as an internal server at home
relaying messages from internal clients to my ISP, but also
receiving mail on port 25.<br>
Now my wife has an Android, I'd like to enable her to send mail
through the server when out and about. With the options I have with
the ClearOS front end, to allow user/pass authentication it sets:<br>
<blockquote>smtpd_sasl_auth_enable = yes

Problem relaying through Virginmedia (ntlworld) with authentication

<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
My ISP Virginmedia (VM) suddenly made authentication compulsory a
couple of days ago. I use Thunderbird relaying through postfix. I
did have it working a few years ago on port 587 but now they want
port 465.<br>
<br>
In main.cf I've set:<br>
<tt>smtp_sasl_auth_enable = yes</tt><tt><br>
</tt><tt>smtp_sasl_security_options = noanonymous</tt><tt>