On 04-01-2012 00:14, Noel Jones wrote:
On 1/3/2012 3:37 PM, Tolga wrote:
Hi,
I thought I'd check the logs today, and I found something curious to
me:
Jan 3 15:58:44 bilgisayarciniz postfix/smtpd[6179]: NOQUEUE:
reject: RCPT from unknown[85.95.233.13]: 554 5.7.1 Service
unavailable; Client host [85.95.233.13] blocked using
sbl.spamhaus.org;
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL100619;
from=<m...@ozelsektor.net> to=<i...@biberlifoto.net> proto=ESMTP
helo=<mail.afrodit.com>
There are many lines of such logs, all with different from addresses
and different helo addresses, except that the IP is always the same,
85.95.233.1? (? is between 1 and 9). It resolves to
localhost.mail.localdomain. What could cause such behaviour?
This is correct behavior. The owner of that IP has set their rDNS
to localhost.mail.localdomain, probably in an attempt to evade spam
filters or confuse mail admins.
I got my answer, thank you :)
Why do you call this illegal? Do you want mail from this IP address?
Some comments below...
is my postconf -n:
mailbox_size_limit = 0
A size limit of 0 (no limit) is generally unwise. Set it to some
large value. Although if you don't have any local mail users this
probably isn't used anyway.
mydestination = localhost
myhostname = mail.bilgisayarciniz.org
mynetworks = 127.0.0.0/8 127.0.0.2/32 109.232.0.0/16
Do you really control all of 109.232.0.0/16? Even so, surely you
shouldn't include it in mynetworks.
smtpd_recipient_restrictions = check_client_access
cidr:/etc/postfix/sinokorea.cidr
DO NOT put access maps above reject_unauth_destination. Move this
access map to smtpd_client_restrictions
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_pipelining,
reject_invalid_hostname, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org
Probably better to replace sbl and xbl with zen.spamhaus.org.
I'll consider your recommendations and comments. Thanks.
-- Noel Jones
