Re: Got Postfix now what?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you Roger,
For the wonderful information (especially the links to discover if my server is an open relay!!!)

Thanks again for this wonderful e-mail, This is exactly what I  was looking for 

Thanks again!!,
JP
----- Original Message -----
From: Roger Grosswiler <roger@xxxxxxxx>
Date: Monday, February 23, 2004 2:18 am
Subject: Re: Got Postfix now what?

> > On Sun, 2004-02-22 at 14:54, WA9ALS - John wrote:
> [snip]
> > No offense, but this needs to be incremental and PLANNED.
> [/snip]
> hello jwp,
> 
> so i understand you well, as i learned it the same way as you, but 
> beganwithout community and ended up on a realtime-blackhole-list-
> server with
> about 25 entries...it took me weeks, get my domain from the 
> list...savethis thime.
> 
> Here is a proposal, what i insered at the end of my main.cf, just 
> for some
> security reasons. You find a lot of explanations for this at
> http://www.postfix.org
> 
> #
> # Security
> smtpd_helo_restrictions = reject_unauth_pipelining
> #smtpd_sasl_auth_enable = yes
> #smtpd_sasl_security_options = noanonymous
> #broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions =  reject_unknown_sender_domain,
>                                reject_non_fqdn_sender,
>                                permit_mynetworks,
> # needed, if you do pop-before-smtp and some rbl-checkups:
>                                check_client_access
> hash:/etc/postfix/pop-before-smtp,
>                                reject_unauth_destination,
>                                reject_rbl_client bl.spamcop.net,
>                                reject_rbl_client relays.ordb.org,
> proxies.relays.monkeys.com,
>                                reject_rbl_client sbl.spamhaus.org,
>                                permit
> 
> 
> also, make sure, that you have clean entries in your main.cf for 
> $mydomainand $myhostname. Make sure, that your do not let relay 
> something outside
> your private ip-range with the mynetworks-parameter:
> 
> myhostname = host.domain.net
> mydomain = domain.net
> mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8
> 
> Also think about installing something like Amavis or equivalent to do
> virus- and spamchecking whilst your smtp-server (postfix) is receving
> mail.
> 
> you can check your mailserver for being a open relay or not on the
> following url's:
> 
> http://www.relaycheck.com/test.asp
> http://www.antispam-ufrj.pads.ufrj.br
> 
> make also sure, that if you have a proxy installed, it is hidden 
> behindyour firewall, because otherwise, a spammer could also use 
> your server
> with this.
> 
> For your thing with the mailboxes:
> 
> you will find in /etc/xinetd.d a file called imap and imaps and 
> pop and
> pop3s (or so...)
> 
> edit them and change the line disabled from yes to no. save the 
> files and
> restart xinetd with '/sbin/service xinetd restart'.
> 
> This should already make working your imap-server. You can check this
> doing a 'telnet localhost imap'. This should give you a list of some
> capabilities of your imap-server. You can quit with 'a01 logout'.
> 
> Local delivery is done already in postfix, so mails will get 
> delivered in
> the home-directories of the users.
> 
> remember, that your e-mail-adresses are the same like your 
> usernames. If
> this is not the wish, do 'man aliases', this makes you more flexible.
> 
> i know this is a lot of info, perhaps you already have this. Also my
> entries about security are not the last of wisedom...it's a ongoing
> process...
> 
> HTH
> Roger
> 
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> 




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux