On 1/21/2011 5:08 PM, Condor wrote:
Hello,
I have postfix 2.7.2 and I have a problem with restrictions. I set up
smtpd_recipient_restrictions; here is my main.cf config file:
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/helo_checks,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_sender,
    reject_rhsbl_client blackhole.securitysage.com,
    reject_rhsbl_sender blackhole.securitysage.com,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client pbl.spamhaus.org,
    permit
That file pcre:/etc/postfix/recipient_checks.pcre contains:
/^\@/ 550 Invalid address format.
/[!%\@].*\@/ 550 This server disallows weird address syntax.
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
/^nobody\@/ REJECT
Don't escape the @ in pcre tables, i.e.:
/^nobody@/ REJECT nobody isn't here.
A couple of nitpicks:
It's generally better to use "REJECT [optional text]" rather
than "550 [optional text]" because if you forget the optional
text, an all-numeric response means OK. It's also better to
use the optional text so that YOU know why a message was
rejected and can help folks whose mail is incorrectly handled.
Your RBL list is a mess. Several of the lists you are
querying are dead -- securitysage, wirehub, easynet, dsbl.org,
maybe others. You should use zen.spamhaus.org rather than the
other spamhaus lists.
You need to carefully review your RBLs once in a while and
make sure they are still active and doing what you expect.
After I create the file I do:
postmap hash:/etc/postfix/recipient_checks.pcre
There is no need to postmap a pcre file.
and postfix reload / restart (a few times)
If it didn't work once, it probably won't work the next time.
and I can still send email from Yahoo to nobody on my server. Also I see
that spam IPs that are blocked on bl.spamcop.net, for example, can still
send me email. That rule, reject_rbl_client bl.spamcop.net, does not block
them. Can anyone help and tell me where my mistake is?
Does postconf smtpd_recipient_restrictions show the same
as what you've posted above?
If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail
http://www.postfix.org/documentation.html
-- Noel Jones
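
An added example, not part of the original thread and not Postfix code: a small Python linter that applies the points raised in the reply above to a pcre access table and to the DNSBL entries of a restriction list. The function names and sample inputs are constructed for illustration; the zone names come only from the reply.

```python
import re

# Zone-name fragments the reply calls dead, and the individual Spamhaus lists
# it says to replace with zen.spamhaus.org (all taken from the thread).
DEAD = ("securitysage", "wirehub", "easynet", "dsbl.org")
SPAMHAUS_PARTS = ("sbl.spamhaus.org", "pbl.spamhaus.org")
RBL = re.compile(r"\s*reject_(?:rbl_client|rhsbl_client|rhsbl_sender)\s+([^\s,]+)")
ENTRY = re.compile(r"/(.*?)/[a-zA-Z]*\s+(.*)$")

def lint_pcre_table(text):
    """Return (line_no, message) findings for a pcre access table."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m:  # blank line, comment, or not a /pattern/ action entry
            continue
        pattern, action = m.group(1), m.group(2).strip()
        if "\\@" in pattern:  # the reply's advice: write a plain @
            out.append((no, "escaped @ in pattern"))
        if action.isdigit():  # a bare code such as "550" does not reject
            out.append((no, "all-numeric result is treated as OK"))
        elif re.match(r"[45]\d\d\s", action):
            out.append((no, "numeric code; prefer REJECT with text"))
        elif action == "REJECT":
            out.append((no, "REJECT without explanatory text"))
    return out

def lint_restrictions(text):
    """Return (line_no, message) findings for DNSBL restrictions."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RBL.match(line)
        if not m:
            continue
        zone = m.group(1)
        if any(d in zone for d in DEAD):
            out.append((no, zone + ": named as dead in the reply"))
        elif zone in SPAMHAUS_PARTS:
            out.append((no, zone + ": use zen.spamhaus.org instead"))
    return out

# Constructed samples: lines from the post plus one bare "550" entry.
SAMPLE_TABLE = r"""/^\@/ 550 Invalid address format.
/^nobody\@/ REJECT
/^test@/ 550
/^nobody@/ REJECT nobody isn't here."""
SAMPLE_RESTRICTIONS = """reject_rbl_client blackholes.easynet.nl,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,"""
```

Calling `lint_pcre_table(SAMPLE_TABLE)` and `lint_restrictions(SAMPLE_RESTRICTIONS)` returns the findings as lists of `(line_no, message)` tuples.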