Rename README to anti-uce.sh as it is in fact a tiny script. Update and document. Change to less experiental blackholes.

3 files changed, 14 insertions, 6 deletions

diff --git a/postfix/README b/postfix/README
deleted file mode 100644
index 322a1f0..0000000
--- a/postfix/README
+++ /dev/null
@@ -1,5 +0,0 @@
-Run something like the following:
-
-postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks"
-postconf -e "maps_rbl_domains = `cat /etc/local-COMMON/postfic/rbl_lookup_hosts"
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks,permit_mx_backup,reject_non_fqdn_recipient,reject_unauth_destination,reject_maps_rbl,reject"
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
new file mode 100755
index 0000000..d3a92f2
--- /dev/null
+++ b/postfix/anti-uce.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+postconf -e "smtpd_helo_required = yes"
+postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks"
+postconf -e "maps_rbl_domains = `cat /etc/local-COMMON/postfic/rbl_lookup_hosts"
+postconf -e "smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_pipelining,permit_mynetworks,permit_mx_backup,reject_unauth_destination,reject_maps_rbl,reject"
+
+# The above is based on this:
+#   http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
+# with the addition of MX backup networks and the PCRE stuff avoided
+# (PCRE is optional on newest Debian packages)
+
+# Here's a convenient overview of different blackholes:
+#   http://rbls.org/
diff --git a/postfix/rbl_lookup_hosts b/postfix/rbl_lookup_hosts
index d4ebc34..bf7d121 100644
--- a/postfix/rbl_lookup_hosts
+++ b/postfix/rbl_lookup_hosts
@@ -1 +1 @@
-relays.osirusoft.com,list.dsbl.org,multihop.dsbl.org,blackholes.five-ten-sg.com,dnsbl.njabl.org
+relays.visi.com,relays.ordb.org,inputs.relays.osirusoft.com,dialups.relays.osirusoft.com,spews.relays.osirusoft.com