Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Postfix Documentation
Previous Page Home Next Page

Relay control, junk mail control, and per-user policies

In a distant past, the Internet was a friendly environment. Mail servers happily forwarded mail on behalf of anyone towards any destination. On today's Internet, spammers abuse servers that forward mail from arbitrary systems, and abused systems end up on anti-spammer blacklists. See, for example, the information on and other websites.

By default, Postfix has a moderately restrictive approach to mail relaying. Postfix forwards mail only from clients in trusted networks, or to domains that are configured as authorized relay destinations. For a description of the default policy, see the smtpd_recipient_restrictions parameter in the postconf(5) manual page, and the information that is referenced from there.

Most of the Postfix SMTP server access controls are targeted at stopping junk email.

  • Protocol oriented: some SMTP server access controls block mail by being very strict with respect to the SMTP protocol; these catch poorly implemented and/or poorly configured junk email software, as well as email worms that come with their own non-standard SMTP client implementations. Protocol-oriented access controls become less useful over time as spammers and worm writers learn to read RFC documents.

  • Blacklist oriented: some SMTP server access controls query blacklists with known to be bad sites such as open mail relays, open web proxies, and home computers that have been compromised and that are under remote control by criminals. The effectiveness of these blacklists depends on how complete and how up to date they are.

  • Threshold oriented: some SMTP server access controls attempt to raise the bar by either making the client do more work (greylisting) or by asking for a second opinion (SPF and sender/recipient address verification). The greylisting and SPF policies are implemented externally, and are the subject of the SMTPD_POLICY_README document. Sender/recipient address verification is the subject of the ADDRESS_VERIFICATION_README document.

Unfortunately, all junk mail controls have the possibility of falsely rejecting legitimate mail. This can be a problem for sites with many different types of users. For some users it is unacceptable when any junk email slips through, while for other users the world comes to an end when a single legitimate email message is blocked. Because there is no single policy that is "right" for all users, Postfix supports different SMTP access restrictions for different users. This is described in the RESTRICTION_CLASS_README document.

Postfix Documentation
Previous Page Home Next Page