Difference between revisions of "Jkhondhu"

(Notes)
(Notes)
Line 51: Line 51:
  
  
====Postfix====
+
===Postfix===
 
You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
 
You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
 
smtpd_recipient_restrictions =
 
smtpd_recipient_restrictions =
Line 67: Line 67:
 
*permit
 
*permit
  
=====zimbraAmavisOriginatingBypassSA=====
+
===zimbraAmavisOriginatingBypassSA===
 
*$ zmprov desc -a zimbraAmavisOriginatingBypassSA
 
*$ zmprov desc -a zimbraAmavisOriginatingBypassSA
 
zimbraAmavisOriginatingBypassSA
 
zimbraAmavisOriginatingBypassSA

Revision as of 09:29, 6 March 2015

Notes

Milter

  • milter_default_action (default: tempfail)
  • The default action when a Milter (mail filter) application is unavailable or mis-configured. Specify one of the following:
  • accept

Proceed as if the mail filter was not present.

  • reject

Reject all further commands in this session with a permanent status code.

  • tempfail

Reject all further commands in this session with a temporary status code.

  • quarantine

Like "accept", but freeze the message in the "hold" queue. Available with Postfix 2.6 and later.

  • postconf -e milter_default_action=accept
  • zmconfigdctl restart
  • zmmilterctl restart
  • zmmtactl restart
  • Postfix Before Queue filter - http://www.postfix.org/SMTPD_PROXY_README.html
  • HELO sendinghostname This command initiates the SMTP conversation. The host connecting to the remote SMTP server identifies itself by it's fully qualified DNS host name.
  • EHLO sendinghostname An alternative command for starting the conversation. This states that the sending server wants to use the extended SMTP (ESMTP) protocol.
  • MAIL From:<source email address> This is the start of an email message. The source email address is what will appear in the "From:" field of the message.
  • RCPT To:<destination email address> This identifies the receipient of the email message. *This command can be repeated multiple times for a given message in order to deliver a single message to multiple receipients.
  • SIZE=numberofbytes The size command tells the remote sendmail system the size of the attached message in bytes. If ommited, mail readers and delivery agents will try to determine the size of a message based on indicators such as them being terminated by a "." on a line by themselves and headers being sent on a line separated from body text by a blank line. But these methods get confused when you have headers or header like information embedded in messages, attachements, etc.
  • DATA This command signifies that a stream of data, ie the email message body, will follow. The stream of data is terminated by a "." on a line by itself.
  • QUIT This terminates an SMTP connection. Multiple email messages can be transfered during a single TCP/IP connection. This allows for more efficient transfer of email. To start another email message in the same session, simply issue another "MAIL" command.
  • VRFY username This command will request that the receiving SMTP server verify that a given email username is valid. The SMTP server will reply with the login name of the user. This feature can be turned off in sendmail because allowing it can be a security hole. VRFY commands can be used to probe for login names on a system. See the security section below for information about turning off this feature.
  • EXPN aliasname EXPN is similar to VRFY, except that when used with a distribution list, it will list all users on that list. This can be a bigger problem than the "VRFY" command since sites often have an alias such as "all".

Subject:

Cc:

Reply-To: Email header lines are not SMTP commands per se. They are sent in the DATA stream for a message. Header lines appear on a line by themselves, and are seperated from the body of a message by a blank line.


  • zmprov desc -a zimbraReverseProxySSLToUpstreamEnabled

If set as TRUE, proxy will use SSL to connect to the upstream mail servers for web and mail proxy. Note admin console proxy always use https no matter how this attr is set.

  • zimbraReverseProxyHttpEnabled - Web
  • zimbraReverseProxyMailEnabled - Mail
  • zimbraReverseProxyPop3StartTlsMode - POP3 clear text login mode - cleartext, starttls, both
  • zimbraFeaturePop3DataSourceEnabled
  • zimbraPop3CleartextLoginEnabled - Enable clear text login
  • zimbraDataSourceConnectTimeout: 30
  • zimbraDataSourceConnectionType: cleartext
  • zimbraDataSourceReadTimeout: 60
  • zimbraFeatureMobileSyncEnabled - Enable Mobile Sync
  • zimbraFeatureMobilePolicyEnabled - Enable Mobile Policy


Postfix

You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command. smtpd_recipient_restrictions =

  • reject_invalid_hostname, - Reject email if it not valid hostname
  • reject_non_fqdn_hostname, - Reject email if it not valid FQDN
  • reject_non_fqdn_sender, - Reject the request when the MAIL FROM address is not in fully-qualified *domain form. For example email send from xyz or abc is rejected.
  • reject_non_fqdn_recipient, - Reject the request when the RCPT TO address is not in fully-qualified domain form
  • reject_unknown_sender_domain, - Reject email, if sender domain does not exists
  • reject_unknown_recipient_domain, Reject email, if recipient domain does not exists
  • permit_mynetworks,
  • reject_rbl_client list.dsbl.org, Configure spam black lists
  • reject_rbl_client sbl.spamhaus.org,
  • reject_rbl_client cbl.abuseat.org,
  • reject_rbl_client dul.dnsbl.sorbs.net,
  • permit

zimbraAmavisOriginatingBypassSA

  • $ zmprov desc -a zimbraAmavisOriginatingBypassSA

zimbraAmavisOriginatingBypassSA

   Whether or not Amavis should Bypass SpamAsassin for originating email.
   Defaults to FALSE
              type : boolean
             value :
          callback :
         immutable : false
       cardinality : single
        requiredIn :
        optionalIn : globalConfig,server
             flags : serverInherited
          defaults : FALSE
               min :
               max :
                id : 1464
   requiresRestart : mta
             since : 8.5.0
   deprecatedSince :


DCC

  • a digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.
  • Fuzzy logic is a form of many-valued logic that deals with approximate, rather than fixed and exact reasoning.
  • Distributed Checksum Clearinghouse (also referred to as DCC) is a hash sharing method of spam email detection[citation needed].
  • The basic logic in DCC is that most spam mails are sent to many recipients. The same message body appearing many times is therefore bulk email. DCC identifies bulk email by taking a checksum and sending that checksum to a Clearinghouse (server). The server responds with the number of times it has received that checksum. An individual email will create a score of 1 each time it is processed. Bulk mail can be identified because the response number is high. The content is not examined. DCC works over the UDP protocol and uses little bandwidth.
  • The DCC or Distributed Checksum Clearinghouse is a system of servers collecting and counting checksums of millions of mail messages. The counts can be used by SpamAssassin to detect and reject or filter spam.

Because simplistic checksums of spam can be easily defeated, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves.


Jump to: navigation, search