My understanding of client and sender are these:
Client: An application used to send, receive e-mail messages.
Sender: The from or sender "name" in the header that shows who (is
claimed to have) sent the email.
The context of the use that has me concerned are these:
smtpd_client_restrictions and smtpd_sender_restrictions
I currently have these lines in main.cf:
check_client_access=hash:/etc/postfix/access
smtpd_client_restrictions =
permit_mynetworks
hash:/etc/postfix/whitelist
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.njabl.org
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.5
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.6
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.7
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.8
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.9
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.10
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.11
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.13
permit
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/greylist
check_sender_access hash:/etc/postfix/sender_access
permit_mynetworks
reject_unknown_sender_domain
To me the content of the sender_access hash makes sense if it contains
terms such as
luck...@yaha.com DISCARD
Does it also work correctly if that same files also has terms such as
64.94.244 DISCARD
where the intent is to block any of
64.94.244.xxx
?
Right now that ip address example shown above (64.94.244) is in the
sender_access file (and the sender_access.db) but the log file shows
events such as this:
Sep 27 17:56:19 mgxx postfix/cleanup[22432]: 596A81FFCD: hold: header
Received: from av7.experience.com (unknown [64.94.244.50])??by
mgxx.cnm.edu (Postfix) with SMTP id 596A81FFCD??for <gle...@cnm.edu>;
Sun, 27 Sep 2009 17:56:16 -0600 (MDT) from unknown[64.94.244.50];
from=<no_re...@experience.com> to=<xx...@cnm.edu> proto=SMTP
helo=<av7.experience.com>
Sep 27 17:56:19 mgxx postfix/cleanup[22432]: 596A81FFCD: message-
id=<27390832.651.1254095751632.javamail.r...@av7.experience.com>
Sep 27 17:56:19 mgxx postfix/cleanup[22432]: 596A81FFCD: warning:
header Subject: eRecruiting Saved Search - Abq-Lots from
unknown[64.94.244.50]; from=<no_re...@experience.com>
to=<xx...@cnm.edu> proto=SMTP helo=<av7.experience.com>
Sep 27 7:56:22 mgxx MailScanner[9931]: Requeue: 596A81FFCD.2D1A1 to C98C42016A
Sep 27 17:56:22 mgxx postfix/qmgr[24665]: C98C42016A:
from=<no_re...@experience.com>, size=33955, nrcpt=1 (queue active)
Sep 27 17:56:22 mgxx postfix/smtp[23167]: C98C42016A:
to=<gle...@tvimail.cnm.edu>, orig_to=<gle...@cnm.edu>,
relay=tvimail.cnm.edu[198.133.181.119]:25, delay=5.7,
delays=5.6/0/0/0.03, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Sep 27
17:56:22 mg05 postfix/qmgr[24665]: C98C42016A: removed
Based upon my understanding of the definitions of the terms I have
always been uncertain about putting ip blocks in the same file. I have
been told it has been working practice at this college for years
before I got here. I need to be certain we are doing the right things.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
