On Wednesday 04 January 2012 20:45:23 Eric Lemings wrote:
> I just noticed that two of my Postfix configuration variables were
> set twice, the latter of which was overriding the former. Here's
> the new values:

The list policy asks for "postconf -n" because that reports values
Postfix is actually using.

> smtpd_client_restrictions = permit_mynetworks
> permit_sasl_authenticated reject_rbl_client zen.spamhaus.org
> reject_rbl_client rbl-plus.mail-abuse.org reject_rbl_client
> bl.spamcop.net permit

MAPS RBL is a paid service only, but I suppose you knew that.

> smtpd_recipient_restrictions =

BTW "client" != "recipient", in case that is what you meant by
duplicated settings. They are different settings, but functionally
similar. You could consolidate all of your restrictions into
smtpd_recipient_restrictions. Unless you need complex whitelisting,
it's usually easier that way, to only maintain one set of
restrictions.

> reject_unauth_pipelining, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_rbl_client relays.ordb.org,
> reject_rbl_clientlist.dsbl.org,

Both of these are LONG dead and gone, so maybe you did not know about
MAPS RBL? Also, you have no space there. Furthermore, you pasted your
"postconf -n", and it shows a different setting of
smtpd_recipient_restrictions. We believe what postconf(1) tells us.

> reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service

Zen has superseded sbl-xbl.spamhaus.org, which both below and above,
you say you are using.

> unix:private/policy, permit
>
> On Jan 4, 2012, at 6:21 PM, Eric Lemings wrote:
> > Here's my Postfix configuration:
> >
> > [root@myhost myuser]$ postconf -n
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > content_filter = smtp-amavis:[127.0.0.1]:10024
> > daemon_directory = /usr/libexec/postfix
> > debug_peer_level = 2
> > enable_server_options = yes
> > header_checks = pcre:/etc/postfix/custom_header_checks
> > html_directory = /usr/share/doc/postfix/html
> > imap_submit_cred_file = /private/etc/postfix/submit.cred
> > inet_interfaces = all
> > local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> > mail_owner = _postfix
> > mailbox_size_limit = 0
> > mailbox_transport = dovecot
> > mailq_path = /usr/bin/mailq
> > manpage_directory = /usr/share/man
> > maps_rbl_domains =
> > message_size_limit = 0
> > mydestination = $myhostname, localhost.$mydomain, localhost,
> > myhost, $mydomain, mail mydomain = lemings.com
> > mydomain_fallback = localhost
> > myhostname = mail.lemings.com
> > mynetworks = 127.0.0.0/8,192.168.0.0/16
> > newaliases_path = /usr/bin/newaliases
> > postscreen_dnsbl_sites = zen.spamhaus.org*2
> > rbl-plus.mail-abuse.org bl.spamcop.net
> > queue_directory = /private/var/spool/postfix
> > readme_directory = /usr/share/doc/postfix
> > recipient_canonical_maps = hash:/etc/postfix/system_user_maps
> > recipient_delimiter = +
> > relayhost =
> > sample_directory = /usr/share/doc/postfix/examples
> > sendmail_path = /usr/sbin/sendmail
> > setgid_group = _postdrop
> > smtp_sasl_auth_enable = no
> > smtp_sasl_password_maps =
> > smtpd_client_restrictions = permit_mynetworks
> > permit_sasl_authenticated reject_rbl_client zen.spamhaus.org
> > reject_rbl_client rbl-plus.mail-abuse.org reject_rbl_client
> > bl.spamcop.net permit smtpd_enforce_tls = no
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> > hash:/etc/postfix/helo_access, reject_non_fqdn_helo_hostname,
> > reject_invalid_helo_hostname, permit
> > smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
> > smtpd_recipient_restrictions =
> > permit_sasl_authenticated permit_mynetworks
> > reject_unauth_destination check_policy_service
> > unix:private/policy permit
> > smtpd_sasl_auth_enable = yes
> > smtpd_tls_CAfile =
> > /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A
> > 3E24477F0F6A3.chain.pem
> > smtpd_tls_cert_file =
> > /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A
> > 3E24477F0F6A3.cert.pem
> > smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
> > smtpd_tls_key_file =
> > /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A
> > 3E24477F0F6A3.key.pem
> > smtpd_use_pw_server = yes
> > smtpd_use_tls = yes
> > strict_rfc821_envelopes = yes
> > tls_random_source = dev:/dev/urandom
> > unknown_local_recipient_reject_code = 550
> > use_sacl_cache = yes
> > virtual_alias_maps = $virtual_maps
> >
> > [root@cyberia myuser]$ postconf | grep 'mail_version ='
> > mail_version = 2.8.4
> >
> > On Jan 4, 2012, at 12:12 PM, Stan Hoeppner wrote:
> >> On 1/4/2012 11:31 AM, Eric Lemings wrote:
> >>> Greetings,
> >>>
> >>> Can anyone point me to some good guides/tutorials for
> >>> configuring Postfix on Mac systems? In particular, I'm trying
> >>> to stop spam in its tracks. I've tried using the Server app
> >>> and the older Server Admin app. I've even tried manually
> >>> editing the Postfix config files by hand. Nothing seems to
> >>> work. I still get hundreds of junk mails. (I have really old
> >>> email addresses.)
> >>>
> >>> Any pointers, tips, links appreciated greatly.

I could suggest signing up for the Barracuda BRBL and using
Spam-eating Monkey, and could nitpick some of the postconf, but
overall it's not that bad, you have sane and strong antispam controls
in place. Maybe share logs and samples of the spam you got?

One WAG I came up with: are you using a DNS forwarder which is
probably blocked by Spamhaus? Try testing, from the Postfix host:

$ dig 2.0.0.127.zen.spamhaus.org. any

This should return their test records. Compare with NXDOMAIN here:

$ dig 2.0.0.127.zen.spamhaus.org. any @8.8.4.4

> >> First, please supply 'postconf -n' output, as you were directed
> >> in the list welcome message. This allows us to see how you are
> >> currently configured so we can recommend changes that work with
> >> your particular setup, and help you fix anything that's not
> >> currently correct.
> >>
> >> Also, post the output of following command:
> >>
> >> $ postconf |grep 'mail_version ='

(Stan, UUOG, that can be simply "postconf mail_version" :) )
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
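
The checks the reply walks through, as an added example that is not part of the original post: it pulls the DNSBL zones out of a restriction list, flags a keyword fused to its zone, and classifies the 127.0.0.2 test lookup the reply runs with dig. `SAMPLE`, the function names and the `LOOKUP` hook are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not code from the thread. SAMPLE is constructed from the
# restriction list quoted above, keeping its fused "reject_rbl_clientlist..." token.
SAMPLE='reject_unauth_destination,
 reject_rbl_client relays.ordb.org,
 reject_rbl_clientlist.dsbl.org,
 reject_rbl_client sbl-xbl.spamhaus.org, permit'

# Split a restriction list into one token per line (commas and whitespace separate).
tokens() { printf '%s\n' "$1" | tr -s ', \t\n' '\n'; }

# Zones that follow a well-formed "reject_rbl_client" keyword.
rbl_zones() { tokens "$1" | awk 'prev == "reject_rbl_client" { print } { prev = $0 }'; }

# Tokens where keyword and zone ran together because the space is missing.
fused_tokens() { tokens "$1" | grep -E '^reject_rbl_client.+' || true; }

# Look up the DNSBL test entry for 127.0.0.2, as the reply does with dig.
# $2 is an optional resolver such as "@8.8.4.4". Asks for A records rather
# than "any", since A is the record type a DNSBL lookup uses.
test_lookup() { dig +short "2.0.0.127.$1." A ${2:+"$2"}; }

# 127.0.0.x means this resolver can see the list's test record; anything
# else (including an empty answer) means it is not visible through it.
classify() {
  case "$1" in
    127.0.0.*) echo "ok" ;;
    *)         echo "no-test-record" ;;
  esac
}

# LOOKUP can name a replacement lookup function (hypothetical hook for tests).
check_zone() { classify "$("${LOOKUP:-test_lookup}" "$1" "$2" | head -n 1)"; }

echo "fused tokens:"; fused_tokens "$SAMPLE"
echo "zones:";        rbl_zones "$SAMPLE"
if [ "${1:-}" = "--live" ]; then   # needs network access and dig
  for z in $(rbl_zones "$SAMPLE"); do echo "$z: $(check_zone "$z")"; done
fi
```

Run with `--live` on the Postfix host to query each zone through the host's own resolver; a zone that reports `no-test-record` there is one whose lookups are not reaching the list.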