Toolvox® x3, Administrator guide – Code Blue TOOLVOX X3 User Manual


Code Blue

259 Hedcor Street

Holland, MI 49423 USA

800.205.7186

www.codeblue.com

GU-154-F

page 123 of 132

ToolVox® X3

Administrator Guide

HELO is required

Enabling this option causes Postfix to require clients to introduce themselves with a HELO command at the beginning of an SMTP session. This may prevent some UCE (unsolicited commercial email) software packages from connecting, although it may also affect some legitimate clients. This option corresponds to the smtpd_helo_required directive and defaults to No.

Allow untrusted routing

This option configures whether Postfix will forward messages with sender-specified routing from untrusted clients to destinations within the accepted relay domains. Keeping it disabled closes a potential loophole in the access controls that normally prevent the server from being an open relay for spammers. If this behavior is allowed, a malicious user could trick a backup MX mail host into forwarding junk mail to a primary MX server that believes the mail has originated from a local address. This option corresponds to the allow_untrusted_routing directive and is disabled by default. Enable it only with extreme caution, to avoid turning your Postfix installation into an open relay.

Restrict ETRN command upon...

The SMTP ETRN command is a clumsy means for clients that are not always connected to the Internet to retrieve mail from the server. This command is rather outdated and rarely used, as POP3 and IMAP are better suited to solve this problem. This option corresponds to the smtpd_etrn_restrictions directive and the default is to allow ETRN from any host. This option accepts the following directives: check_etrn_access maptype:mapname, permit_naked_ip_address, reject_invalid_hostname, check_helo_access maptype:mapname, reject_maps_rbl, reject_unknown_client, permit_mynetworks, check_client_access, permit, reject, warn_if_reject, and reject_unauth_pipelining.
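The options described above correspond to Postfix directives, which Postfix reads from its main.cf file, so the effective settings can be checked there. The following Python script is an added example, not part of the Code Blue guide or of Postfix itself; the function names, severity labels, and the sample map path are assumptions made for illustration, and the "no final reject" check is a heuristic.

```python
# Defaults as stated in the guide, applied when main.cf omits the parameter.
DEFAULTS = {"smtpd_helo_required": "no", "allow_untrusted_routing": "no",
            "smtpd_etrn_restrictions": ""}  # empty: ETRN allowed from any host

def parse_main_cf(text):
    """Return {parameter: value}, honouring comments and continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = dict(DEFAULTS)
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # a later definition wins
    return params

def audit(text):
    """Return (severity, parameter, message) findings for the three settings."""
    p = parse_main_cf(text)
    findings = []
    if p["allow_untrusted_routing"].lower() == "yes":
        findings.append(("high", "allow_untrusted_routing",
                         "sender-specified routing is forwarded: open-relay risk"))
    etrn = p["smtpd_etrn_restrictions"].replace(",", " ").split()
    if not etrn:
        findings.append(("medium", "smtpd_etrn_restrictions",
                         "empty list: ETRN is accepted from any host"))
    elif etrn[-1] != "reject":  # heuristic: no catch-all reject at the end
        findings.append(("low", "smtpd_etrn_restrictions",
                         "no final reject: unmatched hosts may still use ETRN"))
    if p["smtpd_helo_required"].lower() != "yes":
        findings.append(("info", "smtpd_helo_required",
                         "clients are not required to send HELO/EHLO"))
    return findings

# Constructed sample, not from a real system; the map path is hypothetical.
SAMPLE = """\
smtpd_helo_required = yes
allow_untrusted_routing = yes
smtpd_etrn_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/etrn_clients
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live system the same functions can be pointed at the contents of the real main.cf instead of the constructed sample.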

The Restrict ETRN command upon... option, as well as the following three Restrictions... options, accepts one or all of the following values in the text field. Each value is described only once here, and the entry for each option lists the directives that option accepts. The impact of some of these choices depends on configuration performed elsewhere, and they could open security holes if not configured carefully.

permit_mynetworks

Permit the message if the relevant address (sender or recipient, depending on the restriction) is within the local network.

reject_unknown_client

The request will be refused if the client IP has no PTR record in the DNS. This means a client with an IP address that cannot be resolved to a host name cannot send mail to this host.

check_client_access maptype:mapname

This option requires an already configured map. Access is restricted based on the contents of the map, so that only clients allowed by the map are permitted. The map may contain networks, parent domains or client addresses, and Postfix will strip off unnecessary information to match the client to the level of specificity needed.

check_sender_access maptype:mapname
