I am testing sender address verification on our servers. When I first enable reject_unverified_sender before RBL testing, in 1 day, my IP addresses was in CBL blacklist after 1 year of clerance.
Then I have tuned the configuration and put sender address verification after most of the UCE measures. The latest configuration is as below. However, then in 5-6 days the domain was in blacklist again. What can you suggest not to blacklisting again? Should I add some other measures before reject_unverified_sender? What can be? Should I disable SAV for some domains to prevent blacklisting? Which domains? Regards, Oguz, Postfix is 2.2.11 unverified_sender_reject_code = 450 smtpd_delay_reject = yes disable_vrfy_command = yes data_directory = /var/spool/postfix address_verify_map = btree:$data_directory/verify_cache address_verify_sender = double-bounce address_verify_negative_cache = yes address_verify_negative_expire_time = 1d address_verify_negative_refresh_time = 3h address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, check_recipient_access hash:/etc/postfix/access-st, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service unix:private/postgrey, reject_unverified_sender, # reject_unverified_recipient, permit_auth_destination
