Thank you Roger, For the wonderful information (especially the links to discover if my server is an open relay!!!) Thanks again for this wonderful e-mail, This is exactly what I was looking for Thanks again!!, JP ----- Original Message ----- From: Roger Grosswiler <roger@xxxxxxxx> Date: Monday, February 23, 2004 2:18 am Subject: Re: Got Postfix now what? > > On Sun, 2004-02-22 at 14:54, WA9ALS - John wrote: > [snip] > > No offense, but this needs to be incremental and PLANNED. > [/snip] > hello jwp, > > so i understand you well, as i learned it the same way as you, but > beganwithout community and ended up on a realtime-blackhole-list- > server with > about 25 entries...it took me weeks, get my domain from the > list...savethis thime. > > Here is a proposal, what i insered at the end of my main.cf, just > for some > security reasons. You find a lot of explanations for this at > http://www.postfix.org > > # > # Security > smtpd_helo_restrictions = reject_unauth_pipelining > #smtpd_sasl_auth_enable = yes > #smtpd_sasl_security_options = noanonymous > #broken_sasl_auth_clients = yes > smtpd_recipient_restrictions = reject_unknown_sender_domain, > reject_non_fqdn_sender, > permit_mynetworks, > # needed, if you do pop-before-smtp and some rbl-checkups: > check_client_access > hash:/etc/postfix/pop-before-smtp, > reject_unauth_destination, > reject_rbl_client bl.spamcop.net, > reject_rbl_client relays.ordb.org, > proxies.relays.monkeys.com, > reject_rbl_client sbl.spamhaus.org, > permit > > > also, make sure, that you have clean entries in your main.cf for > $mydomainand $myhostname. Make sure, that your do not let relay > something outside > your private ip-range with the mynetworks-parameter: > > myhostname = host.domain.net > mydomain = domain.net > mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8 > > Also think about installing something like Amavis or equivalent to do > virus- and spamchecking whilst your smtp-server (postfix) is receving > mail. > > you can check your mailserver for being a open relay or not on the > following url's: > > http://www.relaycheck.com/test.asp > http://www.antispam-ufrj.pads.ufrj.br > > make also sure, that if you have a proxy installed, it is hidden > behindyour firewall, because otherwise, a spammer could also use > your server > with this. > > For your thing with the mailboxes: > > you will find in /etc/xinetd.d a file called imap and imaps and > pop and > pop3s (or so...) > > edit them and change the line disabled from yes to no. save the > files and > restart xinetd with '/sbin/service xinetd restart'. > > This should already make working your imap-server. You can check this > doing a 'telnet localhost imap'. This should give you a list of some > capabilities of your imap-server. You can quit with 'a01 logout'. > > Local delivery is done already in postfix, so mails will get > delivered in > the home-directories of the users. > > remember, that your e-mail-adresses are the same like your > usernames. If > this is not the wish, do 'man aliases', this makes you more flexible. > > i know this is a lot of info, perhaps you already have this. Also my > entries about security are not the last of wisedom...it's a ongoing > process... > > HTH > Roger > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
