On 12/3/2010 9:41 PM, Craig Baird wrote:
Quoting Stan Hoeppner <s...@hardwarefreak.com>:
The list welcome message directs you to include relevant log
entries (as
well as postconf -n output). I see no log entries, and thus
no error
messages to troubleshoot. Thus, I must speculate that you
probably
didn't run
postmap /etc/postfix/sender_blacklist
postfix reload
after modifying the blacklist file and main.cf.
Sorry. It's been years since I last read the welcome message. In
response to your speculation, I've run both:
postmap hash:/etc/postfix/sender_blacklist
and
postfix reload
There are no error messages in the logs. Messages from the
address in
question are simply accepted by the server.
Please show logging of the message being accepted. We need to
see if the sender address in the logs matches the sender
address in your access table.
Here's postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 51200000
mydestination = /etc/postfix/vdomains
myhostname = smtp-in-2.example.com
mynetworks = blahblahblahblah
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 15
smtpd_client_connection_rate_limit = 20
smtpd_client_message_rate_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/sender_blacklist, check_recipient_access
hash:/etc/postfix/recipient_blacklist,
If you intend the above two checks evaluate before
permit_mynetworks and -- more importantly -- before
reject_unauth_destination, it's safer to move them to
smtpd_sender_restrictions so that an accidental OK doesn't
turn you into an open relay.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
But that doesn't explain why the access tables don't seem to
work for you. My guess is that you're using the From: header
rather than the envelope sender.
-- Noel Jones
permit_mynetworks,
reject_unauth_destination, check_client_access
cidr:/etc/postfix/cidrblacklist, reject_invalid_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_unauth_pipelining, reject_rbl_client
blahblah.zen.dq.spamhaus.net, check_policy_service
inet:127.0.0.1:60000, permit
smtpd_timeout = 45s
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
Thanks.
Craig
