David Cottle wrote:
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client b.barracudacentral.org
I would have used this but in the postfix documentation it never
showed the use of check_sender_access in smtpd_client_restrictions
So I assume this is correct now?
You were also supposed to remove cbl.abuseat.org; it's
included in the zen lookup.
One further suggestion - you may want to move your backscatter
and spamcannibal checks to smtpd_data_restrictions to be
compatible with the few services that do sender verification
callbacks.
Other than that, yes, this looks reasonable.
As for the unknown, could selinux be stopping postfix from using the
DNS? The DNS works as it serves out the DNS for the hosted domains.
Feb 9 22:31:55 server postfix/smtpd[25015]: connect from
unknown[189.6.3.109]
Yet I do a prompt from the server and reverse lookup the IP I get the
name..
SELinux is the usual suspect. Turn it off and see what
happens. If that's not it, the second guess is an incomplete
chroot jail.
If this doesn't help you get it fixed, start a new message
thread for the new problem. Include your "postconf -n" output
and logging demonstrating the problem.
--
Noel Jones
