Quoting Sahil Tandon <sa...@tandon.net>:
On Mon, 09 Feb 2009, webmas...@aus-city.com wrote:
Quoting Sahil Tandon <sa...@tandon.net>:
On Mon, 09 Feb 2009, David Cottle wrote:
Yes all the files (whitelist, check_backscatterer and
check_spamcannibal) have been postmap.
I assume that as long as the whitelist is done first, anything that
is ok in the file simply should 'brute force' past the rest of the
checks, no matter how many?
If an access table within smtpd_client_restrictions evaluates to
OK, smtpd(8)
skips the remaining client_restrictions. However, one of the following
smtpd_mumble_restrictions might still trigger a REJECT. Please show
'postconf -n' and some relevant excerpts from your log.
Hi Sahil,
Here is the log:
Feb 9 09:36:55 server postfix/smtpd[26671]: warning: database
/etc/postfix/whitelist.db is older than source file
/etc/postfix/whitelist
Feb 9 09:36:55 server postfix/smtpd[26671]: connect from
unknown[64.202.189.90]
Feb 8 22:36:57 server postfix/smtpd[26671]: NOQUEUE: reject: RCPT from
unknown[64.202.189.90]: 554 5.7.1 Service unavailable; Client host
[64.202.189.90] blocked using dnsbl-1.uceprotect.net; IP 64.202.189.90 is
UCEPROTECT-Level 1 listed. See
http://www.uceprotect.net/rblcheck.php?ipr=64.202.189.90;
from=<psa...@server.aussiefrogs.com> to=<dcot...@idb.com.au> proto=SMTP
helo=<k2smtpout02-01.prod.mesa1.secureserver.net>
Feb 8 22:36:57 server postfix/smtpd[26671]: disconnect from
unknown[64.202.189.90]
Now I was playing with timestamps on the .db files, so if it detects
this does this mean the whitelist is ignored due to the error hence the
answer? I just postmap the source files again to be sure, I assume its a
warning only?
Why were you playing with timestamps? The warning means what it says; the
.db file was created during your last postmap; any changes to the source file
after that postmap are ignored. So if you added the OK for a particular
client after your last postmap (at the time of the warning), that would
explain your problem.
And as you've already been warned, it is dangerous to use UCEPROTECT to
reject at SMTP.
--
Sahil Tandon <sa...@tandon.net>
Hi Sahil,
Thanks for the clarification, I dropped UCEPROTECT out. The
timestamps were just uploading and downloading files.
Here is my new main.cf
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_client_access
hash:/etc/postfix/check_backscatterer, check_client_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client 2.0.0.127.b.barracudacentral.org
Question, should I run <>, postmaster and MAILER_DAEMON through the
UCEPROTECT lists like I am doing with backscatter and spamcannibal -
these stop so much blasted backscatter its not funny..
Lastly my syntax was correct to filer these three mail from above?
<> reject_rbl_client ips.backscatterer.org
postmaster reject_rbl_client ips.backscatterer.org
MAILER-DAEMON reject_rbl_client ips.backscatterer.org
Thanks again for the help!
