Part of my configuration:

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions =
      permit_mynetworks
      reject_unauth_destination
--->      check_sender_access cidr:/etc/postfix/accept_by_ip
      reject_invalid_helo_hostname
      reject_non_fqdn_helo_hostname
      reject_unknown_sender_domain
      check_helo_access pcre:/etc/postfix/helo_check
      reject_unauth_pipelining
--->      check_sender_access hash:/etc/postfix/accept_by_domain
      reject_rbl_client zen.spamhaus.org
      check_sender_access cidr:/etc/postfix/reject_by_ip
      check_sender_access hash:/etc/postfix/reject_by_domain
      check_recipient_access hash:/etc/postfix/filtered_domains
      permit

Is there a way to log when mail is accepted by the marked rules?  The
files have entries something like:

64.206.231.0/24              OK

aacounty.org                   OK

I include the reject_by_ip and reject_by_domain in a daily report and
I've been asked about putting in how much mail was whitelisted.

$ postconf mail_version
mail_version = 2.3.3

$ postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 26214400
mydestination = $myhostname, localhost.$mydomain, localhost cadmzmx01.lereta.com
mydomain = lereta.com
myhostname = mx01.lereta.com
mynetworks = cidr:/etc/postfix/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = closetheloan.com                dpsi-corp.com
      it.lereta.com                lereta.com
lereta.net                lereta.org
source.totalflood.com                taxandflood.com
taxandflood.net                taxandflood.org
totalflood.com                totalflood.net
totalflood.org
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_map
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination        check_sender_access
cidr:/etc/postfix/accept_by_ip        reject_invalid_helo_hostname
   reject_non_fqdn_helo_hostname        reject_unknown_sender_domain
     check_helo_access pcre:/etc/postfix/helo_check
reject_unauth_pipelining        check_sender_access
hash:/etc/postfix/accept_by_domain        reject_rbl_client
zen.spamhaus.org        check_sender_access
cidr:/etc/postfix/reject_by_ip        check_sender_access
hash:/etc/postfix/reject_by_domain        check_recipient_access
hash:/etc/postfix/filtered_domains        permit
smtpd_tls_CAfile = /etc/pki/tls/certs/gd_bundle.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/wildcard.lereta.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/wildcard.lereta.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = TLSv1,SSLv3
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 55

-- 
Stephen Carville
