On 2024-05-28 at 18:27:05 UTC-0400 (Tue, 28 May 2024 18:27:05 -0400)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
[...]
11 -o
{smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_rbl_client
xbl.spamhaus,org=127.0.0.4, reject}
reject_rbl_client doing nothing.
Order matters. In this order, Postfix MUST allow clients to make AUTH
attempts before rejecting due to the reject_rbl_client directive. If the
client never tries anything but AUTH and hangs up when those fail,
Postfix has no opportunity to actually reject it for being on the XBL
SASL logon fails ips are in manually found in XBL
But they are probably never sending a command that Postfix can use to
send a useful rejection response.
Move the permit_sasl_authenticated directive to right before the reject
directive:
-o { smtpd_client_restrictions=permit_mynetworks,reject_rbl_client
xbl.spamhaus,org=127.0.0.4,permit_sasl_authenticated,reject }
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
