On 2024-05-28 at 18:50:11 UTC-0400 (Wed, 29 May 2024 00:50:11 +0200)
John Fawcett via Postfix-users <j...@voipsupport.it>
is rumored to have said:
[...]
Hi John
I think you are missing the following in master.cf for the submission
service
-o smtpd_delay_reject=no
Without that the smtpd_client_restrictions will not be evaluated when
the client connects and so you will allow the connected client to try
authentication.
That is not what is happening here. The order of restrictions within the
same restriction list matters, and Postfix is careful about logic. If
you put permit_sasl_authenticated ahead of reject_rbl_client, the permit
must be able to take effect without evaluating the reject condition.
That demands allowing as many AUTH commands as your other config will
allow to fail.
Personally I use zen.spamhaus.org=127.0.0.4 for submission, but I'm
not surgge that makes any difference respect to
xbl.spamhaus.org=127.0.0.4.
Good catch, because it could have. I believe that originally (before
Zen) XBL returned 127.0.0.2 but that is apparently no longer true. The
test address returns 127.0.0.4:
$ host 2.0.0.127.xbl.spamhaus.org
2.0.0.127.xbl.spamhaus.org has address 127.0.0.4
That is probably for the best, as anyone using xbl alone is unlikely to
be explicitly checking for anything else. In principle
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
