beautypg.com

Toolvox® x3, Administrator guide – Code Blue TOOLVOX X3 User Manual

Page 123

background image

Code Blue

259 Hedcor Street

Holland, MI 49423 USA

800.205.7186

www.codeblue.com

GU-154-F

page 123 of 132

ToolVox® X3

Administrator Guide

HELO is required

Enabling this option causes Postfix to require clients to introduce themselves with a HELO header

at the beginning of an SMTP session. This may prevent some UCE software packages from

connecting, although it may also impact other legitimate clients. This option correlates to the smtpd_

helo_required and defaults to No.

Allow untrusted routing

This option configures whether Postfix will forward messages with sender-specified routing from

untrusted clients to destinations within the accepted relay domains. This feature closes a potential

loophole in access controls that would normally prevent the server from being an open relay for

spammers. If this behavior is allowed, a malicious user could exploit a backup MX mail host into

forwarding junk mail to a primary MX server that believes the mail has originated from a local

address. This option correlates to the allow_untrusted_routing and is disabled by default. Enabling

this option should be done with extreme caution to prevent turning your Postfix installation into an

open relay.

Restrict ETRN command upon...

The SMTP ETRN command is a clumsy means for clients that are not always connected to the

Internet to retrieve mail from the server. The usage of this command is rather outdated and rarely

used, as POP3 and IMAP are better suited to solve this problem. This option correlates to the

smtpd_etrn_restrictions directive and the default is to allow ETRN from any host. This option

accepts the following directives: check_etrn_access maptype:mapname, permit_naked_ip_address

, reject_invalid_hostname, check_helo_access maptype:mapname, reject_maps_rbl, reject_

unknown_client, permit_mynetworks, check_client_access, permit, reject, warn_if_reject, and

reject_unauth_pipelining.

This option, as well as the following three

Restrictions... options, accept one or all of the following

values in the text field. Each is described only once here and the specific entry will include the list of

accepted directives for the option. The impact of some of these choices depends on configuration

performed elsewhere, and could potentially open security holes if not configured carefully.

permit_mynetworks

Permit the message if the relevant address (sender or recipient, depending on the restriction) is

within the local network.

reject_unknown_client

The request will be refused if the client IP has no PTR record in the DNS. This means a client with

an IP address that cannot be resolved to a host name cannot send mail to this host.

check_client_access maptype:mapname

This option requires the inclusion of an already configured map. This will restrict, based on the

contents of the map, allowing only clients that are allowed by the map. The map may contain

networks, parent domains or client addresses, and Postfix will strip off unnecessary information to

match the client to the level of specificity needed.

check_sender_access maptype:mapname

See also other documents in the category Code Blue Communication: