Le jeudi 16 juin 2011 19:06, Wietse Venema a écrit : > Petre Bandac: > > hello > > > > in the last period I had several complains about mail originating from > > yahoo/gmail not reaching the mailbox > > > > logging in the logs I found entries like this: > > > > ### > > Jun 16 10:07:12 mx postfix/smtpd[27072]: NOQUEUE: reject: RCPT from > > mail-fx0-f67.google.com[209.85.161.67]: 554 5.7.1 Service unavailable; > > Client host [209.85.161.67] blocked using dnsbl.sorbs.net; Currently > > Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.161.67; > > from=<x...@clicknet.ro> to=<x...@xxxx.ro> proto=ESMTP > > helo=<mail-fx0-f67.google.com> > > If you disagree with dnsbl.sorbs.net's listing policies, then don't > use that service, > > Wietse
use safe.dnsbl.sorbs.net is supposedly a safe list. I personally no longer uses SORBS, too many problems even safe.dnsbl > > > ### > > > > I figure I have the following options > > > > 1 - disable rbl checks (which I did, at the client's request; they > > also didn't feel right with the greylist settings, so I had to shut > > down that too earlier) > > > > 2 - whitelist all mail originating from yahoo/gmail/google.com by > > putting them in the files for check_client_access and > > check_sender_access (btw, is this redundant?) and keep rbl queries > > > > is there any (more) elegant solution for keeping rbl queries and allow > > legit yahoo/gmail emails ? > > > > > > thanks, > > > > petre > > > > ### > > > > excerpt from postconf -n > > > > > > > > smtpd_recipient_restrictions = > > > > check_sender_access hash:/usr/local/etc/postfix/sender_checks, > > permit_sasl_authenticated, > > permit_mynetworks, > > check_client_access > > hash:/usr/local/etc/postfix/spammers-accepted, > > reject_non_fqdn_recipient, > > reject_unknown_sender_domain, > > reject_unknown_recipient_domain, > > reject_unauth_destination, > > reject_unauth_pipelining, > > reject_invalid_hostname, > > reject_non_fqdn_hostname, > > permit_mx_backup, > > reject > > > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_authenticated_header = yes > > smtpd_sasl_security_options = noanonymous > > smtpd_sender_restrictions = permit_sasl_authenticated, > > permit_mynetworks, reject_unauth_destination > > transport_maps = hash:/usr/local/etc/postfix/transport > > unknown_address_reject_code = 554 > > unknown_client_reject_code = 554 > > unknown_hostname_reject_code = 554 > > unknown_local_recipient_reject_code = 550 > > virtual_alias_maps = > > mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf > > virtual_gid_maps = static:99 > > virtual_mailbox_base = /usr/local/virtual > > virtual_mailbox_domains = > > mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf, > > mysql_relay_domains_maps.cf > > virtual_mailbox_limit = 51200000 > > virtual_mailbox_maps = > > mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf > > virtual_minimum_uid = 1001 > > virtual_transport = maildrop > > virtual_uid_maps = static:1001 > > > > > > > > > > > > > > > > > > -- > > > > Petre Bandac > > > > Network Scientist > > > > - > > > > pe...@kgb.ro > > -- End of PGP section, PGP failed! -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgpnVjHSgvFJj.pgp
Description: PGP signature
