On Mon, 09 Feb 2009, webmas...@aus-city.com wrote: > Quoting Sahil Tandon <sa...@tandon.net>: > >> On Mon, 09 Feb 2009, David Cottle wrote: >> >>> Yes all the files (whitelist, check_backscatterer and >>> check_spamcannibal) have been postmap. >>> >>> I assume that as long as the whitelist is done first, anything that >>> is ok in the file simply should 'brute force' past the rest of the >>> checks, no matter how many? >> >> If an access table within smtpd_client_restrictions evaluates to OK, smtpd(8) >> skips the remaining client_restrictions. However, one of the following >> smtpd_mumble_restrictions might still trigger a REJECT. Please show >> 'postconf -n' and some relevant excerpts from your log. > > Hi Sahil, > > Here is the log: > > Feb 9 09:36:55 server postfix/smtpd[26671]: warning: database > /etc/postfix/whitelist.db is older than source file > /etc/postfix/whitelist > Feb 9 09:36:55 server postfix/smtpd[26671]: connect from > unknown[64.202.189.90] > Feb 8 22:36:57 server postfix/smtpd[26671]: NOQUEUE: reject: RCPT from > unknown[64.202.189.90]: 554 5.7.1 Service unavailable; Client host > [64.202.189.90] blocked using dnsbl-1.uceprotect.net; IP 64.202.189.90 is > UCEPROTECT-Level 1 listed. See > http://www.uceprotect.net/rblcheck.php?ipr=64.202.189.90; > from=<psa...@server.aussiefrogs.com> to=<dcot...@idb.com.au> proto=SMTP > helo=<k2smtpout02-01.prod.mesa1.secureserver.net> > Feb 8 22:36:57 server postfix/smtpd[26671]: disconnect from > unknown[64.202.189.90] > > Now I was playing with timestamps on the .db files, so if it detects > this does this mean the whitelist is ignored due to the error hence the > answer? I just postmap the source files again to be sure, I assume its a > warning only?
Why were you playing with timestamps? The warning means what it says; the .db file was created during your last postmap; any changes to the source file after that postmap are ignored. So if you added the OK for a particular client after your last postmap (at the time of the warning), that would explain your problem. And as you've already been warned, it is dangerous to use UCEPROTECT to reject at SMTP. -- Sahil Tandon <sa...@tandon.net>
