Toolvox® x3, Administrator guide – Code Blue TOOLVOX X3 User Manual
Page 129
Code Blue
•
259 Hedcor Street
•
Holland, MI 49423 USA
•
800.205.7186
•
www.codeblue.com
GU-154-F
page 129 of 132
ToolVox® X3
Administrator Guide
Debugging features
Postfix has two levels of logging. The first level is the normal maillog, which reports on all normal
mail activities, such as received and sent mail, server errors, shutdowns and startups. The second
level is more verbose and can be tuned to log activity relating to specific SMTP clients, host names
or addresses. This page contains the configuration for the second level of logging.
List of domain/network patterns for which verbose log is enabled
This is a list of patterns or addresses that match the clients, hosts or addresses whose activity you
would like to have more verbose logging for. Values could be an IP address like 192.168.1.1 or
a domain name like swelltech.com. This option correlates to the debug_peer_list directive and is
empty by default.
Verbose logging level when matching the above list
Specifies the level of verbosity of the logging for the activity that matches the above patterns. This
option correlates to the debug_peer_level directive and defaults to 2. The above field must have at
least one value for this debug level to have any impact.
Postfix, Unsolicited Commercial Email and Access Controls
Postfix offers an extremely flexible set of access controls, primarily targeted at preventing unsolicited
commercial email from being delivered through the server. In order to construct a suitable set of
controls, it is necessary to understand the order rules are checked and how they interact. By default,
Postfix will accept mail for delivery from or to any client on your local network and any domains that
are hosted by Postfix. So, by default, Postfix is not an open relay. This is a good beginning and all
that is needed in many environments. However, because UCE is such a nuisance for users and
network administrators, it may be worthwhile to implement more advanced filtering. This section will
address the basics of the Postfix UCE control features.
Access Control List Order
Every message that enters the smtpd delivery daemon will be processed by access control lists
and checked against rules to ensure that the message is one that the administrator actually wants
delivered. The goal for most administrators is to prevent unsolicited commercial email from passing
through these rules, yet allow legitimate emails to be delivered. This is a lofty goal, and a delicate
balance. No perfect solution exists as long as people are willing to steal resources for their own
commercial gain and go to great lengths to overcome the protections in place to prevent such
abuse. However, in most environments it is possible to develop a reasonable set of rules that
prevents most spam and allows most or all legitimate mail through unharmed.
It is important to understand the order of processing if complex sets or rules are to be used, as
attempting to use a rule too early in the chain can lead to subtle errors or strange mail client
behavior. Because not all clients react correctly to some types of refusals, and not all clients create
correctly formed SMTP requests, it is not unlikely that a misplaced rule will lock out some or all
of your clients from sending legitimate mail. It could also lead to opening a hole in your spam
protections early in the rule set, which would allow illicit mail to pass.
The Postfix UCE controls begin with a couple of simple yes or no checks, called smtpd_helo_
required and strict_rfc821_envelopes, both configured in the
SMTP Server Options page. The first,
if enabled, requires a connecting mail client to introduce itself fully by sending a HELO command.