On Jan 4, 2012, at 9:54 PM, /dev/rob0 wrote:

> On Wednesday 04 January 2012 20:45:23 Eric Lemings wrote:
> ...
>> smtpd_recipient_restrictions =
>
> BTW "client" != "recipient", in case that is what you meant by
> duplicated settings. They are different settings, but functionally
> similar. You could consolidate all of your restrictions into
> smtpd_recipient_restrictions. Unless you need complex whitelisting,
> it's usually easier that way, to only maintain one set of
> restrictions.

After this was suggested twice, I figure it's probably a good idea so I consolidated smtpd_client_restrictions into smtpd_recipient_restrictions. :)

> ...
> I could suggest signing up for the Barracuda BRBL and using Spam-
> eating Monkey, and could nitpick some of the postconf, but overall
> it's not that bad, you have sane and strong antispam controls in
> place. Maybe share logs and samples of the spam you got?
>
> One WAG I came up with: are you using a DNS forwarder which is
> probably blocked by Spamhaus? Try testing, from the Postfix host:
> $ dig 2.0.0.127.zen.spamhaus.org. any
> This should return their test records. Compare with NXDOMAIN here:
> $ dig 2.0.0.127.zen.spamhaus.org. any @8.8.4.4

I ran these two dig commands. Here's the output from my mail server:

[root@myhost postfix]$ dig 2.0.0.127.zen.spamhaus.org. any

; <<>> DiG 9.7.3-P3 <<>> 2.0.0.127.zen.spamhaus.org. any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48990
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY

;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.2
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.4
2.0.0.127.zen.spamhaus.org. 900 IN TXT "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL233"
2.0.0.127.zen.spamhaus.org. 900 IN TXT "http://www.spamhaus.org/query/bl?ip=127.0.0.2"

;; Query time: 58 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Jan 6 01:40:57 2012
;; MSG SIZE rcvd: 213

[root@myhost postfix]$ dig 2.0.0.127.zen.spamhaus.org. any @8.8.4.4

; <<>> DiG 9.7.3-P3 <<>> 2.0.0.127.zen.spamhaus.org. any @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33677
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY

;; AUTHORITY SECTION:
zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1201060830 3600 600 432000 150

;; Query time: 157 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Jan 6 01:43:09 2012
;; MSG SIZE rcvd: 108

Not sure how to interpret that output though.

It seems the new spam control measures in my Postfix configuration may actually be working now. The quantity has tapered off significantly after the initial flood of spam which may have been queued up retries I'm guessing.

Eric.
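
Added example, not part of the original message: a shell helper that reads the output of the test query above and says what it means for DNSBL lookups made through that resolver. `classify_dnsbl_test` and its verdict strings are hypothetical names; the 127.255.255.x error-code case and the non-127/8 answer case go beyond what the thread shows.

```shell
#!/bin/sh
# Classify `dig` output for a DNSBL test point (2.0.0.127.zen.spamhaus.org)
# read from stdin. classify_dnsbl_test is a hypothetical helper name.
classify_dnsbl_test() {
    awk '
        /->>HEADER<<-/ {                        # header line carries the rcode
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        $1 !~ /^;/ && $3 == "IN" && $4 == "A" { # answer A records only
            if ($5 ~ /^127\.255\.255\./) err = 1        # Spamhaus error return codes
            else if ($5 ~ /^127\.0\.0\./) listed = 1    # normal "listed" return codes
            else other = 1                              # not a DNSBL answer at all
        }
        END {
            if (status == "")                        print "no-response"
            else if (err)                            print "blocked-error-code"
            else if (status == "NOERROR" && listed)  print "working"
            else if (status == "NXDOMAIN")           print "blocked-nxdomain"
            else if (other)                          print "unexpected-answer"
            else                                     print "inconclusive"
        }'
}

# Trimmed from the two dig runs quoted in the message above.
LOCAL_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48990
;2.0.0.127.zen.spamhaus.org. IN ANY
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.2
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 900 IN A 127.0.0.4'
PUBLIC_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33677
;2.0.0.127.zen.spamhaus.org. IN ANY
zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1201060830 3600 600 432000 150'
# Constructed sample (not from the thread): an error return code answer.
ERROR_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
2.0.0.127.zen.spamhaus.org. 900 IN A 127.255.255.254'

for s in "$LOCAL_SAMPLE" "$PUBLIC_SAMPLE" "$ERROR_SAMPLE"; do
    printf '%s\n' "$s" | classify_dnsbl_test
done
```

On the Postfix host, pipe the live query into the function: `dig 2.0.0.127.zen.spamhaus.org. any | classify_dnsbl_test`. Any verdict other than `working` means zen lookups through that resolver will not match listed clients.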