rDNS in EFA

Questions and answers about how to do stuff
Post Reply
maciekh
Posts: 27
Joined: 25 Aug 2015 10:20

rDNS in EFA

Post by maciekh »

Hello

I cant find anything about rDNS in EFA.
Is EFA secured by no rDNS filter/module ? Can it be changed/modified ?

Perfect options would be:
(at least the first one)
1. Reject connections where no reverse DNS record exists for the connecting IP address
2. Reject connections where the reverse DNS record exists for the connecting IP address, but the 'A' or 'AAAA' record of the resulting domain does not match the connecting IP address
3. Reject connections where the domain provided at HELO and EHLO has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS
4. Reject messages where the domain provided in the MAIL FROM address has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: rDNS in EFA

Post by pdwalker »

This is all handled by the postfix configuration in EFA.

Specifically, if I look in /etc/postfix/main.cf, I can see the following options are set
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname

smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501
Sorry, Today, I'm too lazy to check out all those postfix options and tell you what they mean, but a quick glance at the above options suggests they've already turned on the options to immediately reject mail from invalid senders before it gets into EFA.

Does that help?

edit: more information about securing postfix here. (Remember that postfix is probably already well configured in EFA)
maciekh
Posts: 27
Joined: 25 Aug 2015 10:20

Re: rDNS in EFA

Post by maciekh »

that is all i wanted to know, thank You AGAIN :)
Post Reply