(09-15-2014, 05:28 AM)Me.B Wrote: I may not agree on using Black lists, this will reject a lot of spam but will result in painfull false positive. Far better to use it in scroring system.
Will check all the other settings.
Notice ALL help here over Sentora security is welcome.
M B
I agree. But the blacklists are an option. You don't have to turn them on. The most important part is to make sure you have the security settings in place to stop a relay attack. These settings are from 3 days of figuring out how to stop a massive relay attack.
They successfully got through my ZPanel servers with the default Postfix settings so I am sharing this information in the hopes you don't have to go though the same thing I went through. I think if you include the additional settings in the distribution, it will help secure Postfix. Postfix is a really tricky animal and one setting can really throw everything off.
Postfix is super robust and can handle a ton of email, however, it is very complex and the configs are not for the faint of heart. I know many other hosts and developers use other products because of the time and expertise it takes to make sure it is secure. I personally know Postfix pretty dam well and it is still a challenge to me many times.
For example, GoDaddy and Hostek (Two big hosting companies) use SmarterMail just because it is more straightforward to administer and secure. It is also much easier to diagnose. I know its not an option here, however, maybe a simpler email open source server can be integrated into Sentora down the road.
I know Postfix has the unique ability to read SQL lists from the DB so it may be tough to replace but I definitely recommend heavy security testing if you are going to keep it in the product.
