On Apr 19, 2010, at 12:36 PM, /dev/rob0 wrote:

> On Mon, Apr 19, 2010 at 08:31:19AM -0400, donovan jeffrey j wrote:
>> abuseat.org is working fine. I'm only having trouble with zen.
>> Apr 19 08:29:12 mail2 postfix/smtpd[21642]: NOQUEUE: reject: RCPT
>> from unknown[117.201.68.108]: 554 Service unavailable; Client host
>> [117.201.68.108] blocked using cbl.abuseat.org; Blocked - see
>> http://cbl.abuseat.org/lookup.cgi?ip=117.201.68.108;
>> from=<du...@beth.k12.pa.us> to=<du...@beth.k12.pa.us> proto=ESMTP
>
> Whilst it appears that the DNS problem has been sorted, I'm going to
> suggest a different approach to this one.
>
>> helo=<[117.201.69.50]>
>>
>> any ideas ?
>
> The bracketed IP address is a valid HELO, commonly seen from your
> authenticating clients. There is no reason why a real MTA should be
> using such a HELO. I block these with a pcre: map.
>
> !/[[:alpha:]]/ 502 5.5.4
>     We find that all-numeric EHLO/HELO greetings are usually
>     spam. If not, please ask your postmaster to correct the
>     server's EHLO/HELO greeting.
> !/\./ 502 5.5.4
>     We find that non-qualified EHLO/HELO greetings are usually
>     spam. If not, please ask your postmaster to correct the
>     server's EHLO/HELO greeting.
>
> This would fall under the first condition, "a helo which contains no
> alpha characters." The second condition is my own reimplementation of
> Postfix's built-in reject_non_fqdn_helo_hostname restriction.
>
> Obviously these MUST NOT be applied to authenticating users, same as
> with Zen. Precede this lookup with your permit_* restrictions for
> relaying users (and move submission off of port 25, if applicable.)
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
>
thanks rob,
I will chew on this for weeks I'm sure. right now I'm trying to figure out why my dns server won't speak to spamhaus.

-- oh wait., by the time i typed this email. i got an authoritative answer;

dns:~ root# nslookup 2.0.0.127.zen.spamhaus.org
Server: 209.96.96.2
Address: 209.96.96.2#53

Non-authoritative answer:
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.2
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.4
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.10

i removed the rbl from main.cf and kicked postfix. now dns can at least query????. I don't know what was up with that. do i dare put it back now?

some strange foo.
-j
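
Added example, not part of the thread or of Postfix itself: a Python simulation of how the two negated rules in the pcre: map quoted above are evaluated, including the advice that relaying users are permitted before the lookup. The function names are hypothetical, the reply texts are abbreviated, Python's `re` stands in for Postfix's PCRE matching, and every sample greeting except the one from the quoted log is constructed.

```python
import re

# The two negated rules from the quoted pcre: map, in order. Postfix's
# [[:alpha:]] is written [A-Za-z] here because Python's re module has no
# POSIX classes. A "!/pattern/" rule fires when the pattern does NOT match.
# Reply texts are abbreviated from the ones in the quoted map.
HELO_RULES = [
    (re.compile(r"[A-Za-z]"), "502 5.5.4 all-numeric EHLO/HELO greeting"),
    (re.compile(r"\."), "502 5.5.4 non-qualified EHLO/HELO greeting"),
]


def check_helo_map(helo):
    """Return the action of the first rule that fires, or None if none does."""
    for pattern, action in HELO_RULES:
        if not pattern.search(helo):  # negated rule: fire on absence
            return action
    return None


def helo_decision(helo, relaying_user=False):
    """Mimic the restriction order: permit_* for relaying users, then the map."""
    if relaying_user:
        # Authenticated or trusted clients never reach the HELO lookup.
        return "permit"
    return check_helo_map(helo) or "dunno"


# Sample greetings: the first is the helo= value from the quoted log line,
# the rest are constructed for illustration.
SAMPLES = [
    ("[117.201.69.50]", False),     # bracketed IPv4 literal: no letters
    ("192.0.2.10", False),          # bare IP: no letters
    ("localhost", False),           # letters but no dot
    ("[IPv6:2001:db8::1]", False),  # has letters, but no dot either
    ("mail.example.org", False),    # passes both rules
    ("[192.0.2.25]", True),         # relaying user, permitted before the map
]

if __name__ == "__main__":
    for helo, relaying in SAMPLES:
        print(f"{helo:22} relaying={relaying!s:5} -> {helo_decision(helo, relaying)}")
```

An IPv6 address literal passes the first rule because of its letters and is caught by the second because it has no dot, so both rules affect address-literal greetings from clients that were not permitted earlier.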