Roland Plüss a écrit :
> I only enclosed the HTML tags in the email body with comment marks. The
> logs are unaltered except hidding one email address.
>
so what logs are these? I mean, how were these logs generated?
Dec 10 18:03:41 [postfix/smtpd] connect from
99-206-220-166.pools.spcsdns.net[99.206.220.166]
a standard unix log line would look like this:
Dec 10 18:03:41 yourhost postfix/smtpd[390]: connect from
99-206-220-166.pools.spcsdns.net[99.206.220.166]
In particular, it has the pid (the [390] in this example).
if you followed the "mentioned threads", then that mail should have been
blocked. your sender_access should contain
rptd.ch REJECT not authorized blah blah
do not forget to postmap the file.
> What goes for zen.spamhaus.org... I've got this one in my config... but
> it seems to not work ( host not found ).
try
$ host 2.0.0.127.zen.spamhaus.org
This should return
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
Note that spamhaus require you to pay for a feed if you query them too
much. so if you get a lot of mail, you'll need a feed. Also, if you
forward DNS queries to your ISP, and your ISP doesn't pay for a feed,
then your queries will be blocked as well.
you could also reject "dynamic like" helo names with a
check_helo_access pcre:/etc/postfix/access_helo.pcre
== access_helo.pcre
/^\d+([-\.]\d+){3}\./ REJECT dynamic like helo hostname. Please fix your
HELO or use your ISP relay
WARNING: untested/unvalidated/no warranty/...
Examples have been posted on the list (more or less recently).
In another post, you wrote:
> SASL is a problem. I tried doing it once but as soon as I enable the
> entire system totally breaks. I tried various tuts and howtos but to
> no avail. SASL stays broken and I can't get it working. I'm running
> hardened 64bit here and postfix crashes left and right if not compiled
> with a no-pie compiler. With SASL compiled in it also crashes left and
> right with a no-pie compiler so I'm somehow forced to find another way
> around this problem.
you can try dovecot sasl implementation, if you have a recent postfix.
