On Jan 6, 2012, at 5:15 AM, Stan Hoeppner wrote:

> On 1/6/2012 3:05 AM, Eric Lemings wrote:
> 
>>      [root@myhost postfix]$ dig 2.0.0.127.zen.spamhaus.org. any
> ...
>>      ;; ANSWER SECTION:
>>      2.0.0.127.zen.spamhaus.org. 900 IN      A       127.0.0.2
>>      2.0.0.127.zen.spamhaus.org. 900 IN      A       127.0.0.10
>>      2.0.0.127.zen.spamhaus.org. 900 IN      A       127.0.0.4
>>      2.0.0.127.zen.spamhaus.org. 900 IN      TXT     "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL233";
>>      2.0.0.127.zen.spamhaus.org. 900 IN      TXT     "http://www.spamhaus.org/query/bl?ip=127.0.0.2";
> 
> This means your queries should be working.
> 
>> It seems the new spam control measures in my Postfix configuration may 
>> actually be working now.  The quantity has tapered off significantly after 
>> the initial flood of spam, which I'm guessing may have been queued-up retries.
> 
> Bot spam engines never retry failed deliveries, and greylisting relies
> on this fact to block bot spam.  Most snowshoe spammer hosts don't retry
> either, by design.
> 
> Considering you just consolidated everything under
> smtpd_recipient_restrictions, you should share "postconf -n" output
> again so we can sanity check it.  Restriction order can be important,
> sometimes critical.

Current 'postconf -n' output:

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
imap_submit_cred_file = /private/etc/postfix/submit.cred
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = 
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, myhost, $mydomain, mail
mydomain = lemings.com
mydomain_fallback = localhost
myhostname = mail.lemings.com
mynetworks = 127.0.0.0/8,192.168.0.0/16
newaliases_path = /usr/bin/newaliases
postscreen_dnsbl_sites = zen.spamhaus.org*2 rbl-plus.mail-abuse.org bl.spamcop.net
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_canonical_maps = hash:/etc/postfix/system_user_maps
recipient_delimiter = +
relayhost = 
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = 
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_recipient_restrictions = reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client rbl-plus.mail-abuse.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:private/policy,
    permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A3E24477F0F6A3.chain.pem
smtpd_tls_cert_file = /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A3E24477F0F6A3.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/myhost.lemings.com.F10D537E0CACDAC26C86B0FAA5A3E24477F0F6A3.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
use_sacl_cache = yes
virtual_alias_maps = $virtual_maps

Still quite a bit of spam getting through.

Eric.
