On 1/3/2012 3:37 PM, Tolga wrote: > Hi, > > I thought I'd check the logs today, and I found something curious to > me: > > Jan 3 15:58:44 bilgisayarciniz postfix/smtpd[6179]: NOQUEUE: > reject: RCPT from unknown[85.95.233.13]: 554 5.7.1 Service > unavailable; Client host [85.95.233.13] blocked using > sbl.spamhaus.org; > http://www.spamhaus.org/SBL/sbl.lasso?query=SBL100619; > from=<m...@ozelsektor.net> to=<i...@biberlifoto.net> proto=ESMTP > helo=<mail.afrodit.com> > > There are many lines of such logs, all with different from addresses > and different helo addresses, except that the IP is always the same, > 85.95.233.1? (? is between 1 and 9). It resolves to > localhost.mail.localdomain. What could cause such behaviour?
This is correct behavior. The owner of that IP has set their rDNS to localhost.mail.localdomain, probably in an attempt to evade spam filters or confuse mail admins. Why do you call this illegal? Do you want mail from this IP address? Some comments below... > is my postconf -n: > > mailbox_size_limit = 0 A size limit of 0 (no limit) is generally unwise. Set it to some large value. Although if you don't have any local mail users this probably isn't used anyway. > mydestination = localhost > myhostname = mail.bilgisayarciniz.org > mynetworks = 127.0.0.0/8 127.0.0.2/32 109.232.0.0/16 Do you really control all of 109.232.0.0/16? Even so, surely you shouldn't include it in mynetworks. > smtpd_recipient_restrictions = check_client_access > cidr:/etc/postfix/sinokorea.cidr DO NOT put access maps above reject_unauth_destination. Move this access map to smtpd_client_restrictions http://www.postfix.org/SMTPD_ACCESS_README.html#danger > permit_sasl_authenticated, > permit_mynetworks, reject_unauth_destination, > reject_non_fqdn_hostname, reject_non_fqdn_sender, > reject_non_fqdn_recipient, reject_unauth_pipelining, > reject_invalid_hostname, reject_rbl_client sbl.spamhaus.org, > reject_rbl_client xbl.spamhaus.org Probably better to replace sbl and xbl with zen.spamhaus.org. -- Noel Jones
