Stop via the DNS zone

Discussion in 'ISPConfig 3 Priority Support' started by misterm, Apr 20, 2017 at 12:52 PM.

  1. misterm

    misterm Member HowtoForge Supporter

    Hello
    Is it possible to disable unknown (spam) connections via the DNS zone?
    Thank you
    Mz
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    DNS is more or less like a phonebook, it translates domains to IP numbers plus it allows to store some domain specific data in records like the TXT record. So you can not disable connections to the mail system (postfix) by using DNS.

    What you can do is that you use techniques like Dkim to sign mails digitally, Dkim stores it's public keys in the DNS system. But that's not forbidding something, it is just a technology, together with things like SPD records, to digitally verify that an email is sent by a server that is allowed to send email for this domain and to ensure email integrity. More details on Dkim can be found here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
     
  3. misterm

    misterm Member HowtoForge Supporter

    Is this kind of problem how one can eject it, without touching the false positive?
    MZ
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can add these settings to reject invalid, unknown or non-fqdn sender and recipients in the smtp_recipient_restrictions line in postfix main.cf:

    reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_recipient_domain,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unknown_recipient_domain

    But of course, no setting to prevent spam is without false positives. In case that a valid sender has not setup his mail server correctly, then his emails will be rejected as well.
     

Share This Page