postfixアクセス制御まわり
RBL、SORBSは厳しすぎて(gmailのoutgoingすら排除とは…)、今のところこうなった
smtpd_helo_required = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks reject_unknown_reverse_client_hostname check_client_access pcre:/etc/postfix/client_access reject_unknown_client_hostname smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname #reject_unknown_helo_hostname # vector.co.jp... smtpd_data_restrictions = permit_mynetworks reject_unauth_pipelining smtpd_sender_restrictions = permit_mynetworks reject_non_fqdn_sender check_sender_access pcre:/etc/postfix/sender_access reject_unknown_sender_domain smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient check_recipient_access pcre:/etc/postfix/recipients_access reject_unknown_recipient_domain reject_unverified_recipient reject_rbl_client bl.spamcop.net #reject_rbl_client dnsbl.sorbs.net # rejects google smtp reject_rbl_client zen.spamhaus.org reject_rbl_client b.barracudacentral.org reject_rhsbl_sender spam.dnsbl.sorbs.net #reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_sender zen.spamhaus.org address_verify_negative_expire_time = 30d address_verify_negative_refresh_time = 1d address_verify_positive_expire_time = 300d address_verify_positive_refresh_time = 30d unverified_recipient_reject_code = 550