I looked at the various rejections for the last 31 days, and I noticed
that my unknown/HELO is very very high and my RBL is very very low.
5xx Reject relay denied 0.08%
5xx Reject HELO/EHLO 45.97%
5xx Reject DATA 0.01%
5xx Reject unknown user 47.47%
5xx Reject recipient address 0.00%
5xx Reject sender address 0.11%
5xx Reject client host 1.07%
5xx Reject RBL 5.29%
5xx Reject header 0.01%
--------------------------------------------------
Total 5xx Rejects 100.00%
looking at some other stats I've been able to find, I am seeing
numbers more like 20/1/70 where I have 46/47/5
Overall, I think our accept/reject is inline with most low-value
targets (small mailservers like mine):
Accepted 13.59%
Rejected 86.41%
Though I have seen reject number much higher on some servers (95-98%!!)
I don't think I have cause to be concerned, if anything I am putting a
much lighter load on the RBL than I would be otherwise, so that's a
good thing as only 20% of my connections are being checked, but I
thought I'd see if there were any comments.
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_invalid_hostname, permit_mynetworks, check_client_access hash:
$config_directory/pbs, permit_sasl_authenticated,
reject_unauth_destination, reject_unlisted_recipient,
reject_unlisted_sender, reject_unknown_reverse_client_hostname,
warn_if_reject reject_unknown_client_hostname, check_client_access
cidr:/var/db/dnswl/postfix-dnswl-permit check_sender_access pcre:
$config_directory/sender_access.pcre, check_client_access pcre:
$config_directory/check_client_fqdn.pcre, check_recipient_access pcre:
$config_directory/recipient_checks.pcre, check_client_access hash:
$config_directory/access, reject_rbl_client zen.spamhaus.org, permit
$ cat /etc/postfix/sender_access.pcre
/^@/ 550 Invalid address format.
/[...@].*\@/ 550 This server disallows weird address syntax.
/^w...@mail\.covisp\.net/ 550 Invalid Webmail return address
/^[email protected]$/ 550 Don't Spoof as my postmaster
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
$ cat /etc/postfix/check_client_fqdn.pcre
/^unknown$/ check_greylist
/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/ REJECT Dynamic addresses
must use a real mailserver
/\.(dsl|\d+dsl|dsl\d+)\./ REJECT Dynamic DSL
looking address
/^[^\.]*[0-9][^0-9\.]+[0-9]/ check_greylist
/^[^\.]*[0-9]{5}/ check_greylist
/^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./ check_greylist
(These almost never hit, but when they do it tends to be a flood, as
in last month's barrage from %[email protected])
$ cat /etc/postfix/recipient_checks.pcre
/^\@/ 550 Invalid address format.
/[...@].*\@/ 550 This server disallows weird address syntax.
/^w...@mail\.covisp\.net/ 550 Invalid Webmail return address
/^www$/ 550 Invalid Webmail return address
--
And I just don't care what happens next / looks like freedom but it
feels like death / it's something in between, I guess
