On 26-Mar-2009, at 13:36, Brian Evans - Postfix List wrote:
LuKreme wrote:
On 26-Mar-2009, at 11:53, Peter Blair wrote:
On Thu, Mar 26, 2009 at 12:55 PM, LuKreme <krem...@kreme.com> wrote:

Obviously I can't disable the account as it is required, but is there something that I can do to stop the connections for messages like this:

Return-Path: <postmas...@covisp.net>
X-Original-To: postmas...@covisp.net
Delivered-To: postmas...@covisp.net
Received: from 55.71.98-84.rev.gaoland.net (117.82.193-77.rev.gaoland.net [77.193.82.117])
      by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
      for <postmas...@covisp.net>; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)

As it is now, anything to postmaster gets a complete free pass, and most of the mail to that account is scoring on SA up in the 20's and 30's.

Why not RBL it with spamhaus?

Because the helo checks happen before the RBL checks and once the message gets an OK it's no longer checked.

The helo check you mention will OK the helo_restrictions. (assuming this
is where you have it)
However, it will not affect the recipient_restrictions.

smtpd_recipient_restrictions =
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_invalid_hostname,
 permit_mynetworks,
 check_client_access hash:$config_directory/pbs,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unlisted_sender,
 check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit
 check_helo_access pcre:$config_directory/helo_checks.pcre,
 check_sender_access pcre:$config_directory/sender_access.pcre,
 check_client_access pcre:$config_directory/check_client_fqdn.pcre,
 check_recipient_access pcre:$config_directory/recipient_checks.pcre,
 check_client_access hash:$config_directory/access,
 reject_rbl_client zen.spamhaus.org,
 permit

An OK is for a single restriction class. Not globally (thank goodness).

Once the message gets OKed by helo_checks.pcre it does not get checked by the reject_rbl_client.


--
...but then a lot of nice things turn bad out there

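The first-match behaviour discussed in this thread, as an added example that is not part of any poster's message or of Postfix itself: a simplified Python model of how restriction lists are evaluated, comparing a helo check placed ahead of the RBL in the same list with two alternative layouts. The client address, HELO name, table entry and DNSBL listing are constructed sample values, and the function names only mirror the Postfix restriction names.

```python
# Simplified model of Postfix smtpd restriction evaluation (added example).
# Each restriction returns "OK", "REJECT" or "DUNNO" for a connection.
# Within one list the first OK or REJECT wins; an OK ends only that list,
# a REJECT ends the whole transaction.
import re

# Constructed sample: a DNSBL-listed client whose HELO name matches a
# hypothetical helo_checks.pcre entry that answers OK.
CLIENT = {"ip": "192.0.2.10", "helo": "mail.example.com"}
HELO_TABLE = [(re.compile(r"^mail\.example\.com$"), "OK")]  # constructed
DNSBL_LISTED = {"192.0.2.10"}                               # constructed

def check_helo_access(c):
    for pattern, action in HELO_TABLE:
        if pattern.search(c["helo"]):
            return action
    return "DUNNO"

def reject_rbl_client(c):
    return "REJECT" if c["ip"] in DNSBL_LISTED else "DUNNO"

def permit(c):
    return "OK"

def run_list(restrictions, c):
    """Evaluate one restriction list; the first non-DUNNO result wins."""
    for r in restrictions:
        result = r(c)
        if result != "DUNNO":
            return result, r.__name__
    return "DUNNO", None

def evaluate(lists, c):
    """Evaluate the lists in order; any REJECT is final."""
    for name, restrictions in lists:
        result, by = run_list(restrictions, c)
        if result == "REJECT":
            return "REJECT", f"{name}:{by}"
    return "ACCEPT", None

# Layout from the thread: helo check ahead of the RBL in the same list.
same_list = [("recipient", [check_helo_access, reject_rbl_client, permit])]
# RBL moved ahead of the helo check in the same list.
rbl_first = [("recipient", [reject_rbl_client, check_helo_access, permit])]
# Helo check in its own list: its OK does not carry into the recipient list.
separate = [("helo", [check_helo_access]),
            ("recipient", [reject_rbl_client, permit])]
```

In main.cf terms, the `separate` layout corresponds to listing `check_helo_access` under `smtpd_helo_restrictions` instead of `smtpd_recipient_restrictions`.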