On Mon, Jan 06, 2014 at 01:17:41PM -0500, Eric Cunningham wrote:

The problem is entirely with the monstrosity below:

> smtpd_recipient_restrictions =
>       reject_unauth_pipelining,
>       reject_non_fqdn_recipient,

Fine.

>       check_sender_access pcre:/etc/postfix/access/final_sender_access,

Put this *AFTER* reject_unauth_destination to close the open relay.

>       reject_unknown_recipient_domain,
>       permit_sasl_authenticated,
>       permit_mynetworks,

Make sure mynetworks is defined properly.

>       reject_unauth_destination,
>       reject_unknown_sender_domain,
>       check_recipient_access pcre:/etc/postfix/access/final_recipient_access,
>       check_client_access hash:/etc/postfix/access/final_client_access,
>       check_helo_access pcre:/etc/postfix/access/suspect_helo,

Fine.

>       reject_rbl_client b.barracudacentral.org,
>       reject_rbl_client zen.spamhaus.org,
>       reject_rbl_client autospam.whoi.edu,
>       reject_rhsbl_sender dsn.rfc-ignorant.org,
>       reject_rbl_client dnsbl.ahbl.org,
>       reject_rbl_client http.dnsbl.sorbs.net,
>       reject_rbl_client socks.dnsbl.sorbs.net,
>       reject_rbl_client misc.dnsbl.sorbs.net,
>       reject_rbl_client web.dnsbl.sorbs.net,
>       reject_rbl_client dul.dnsbl.sorbs.net,
>       reject_rbl_client bl.spamcop.net,
>       reject_rbl_client cbl.abuseat.org,
>       reject_rbl_client dyna.spamrats.com,
>       reject_rbl_client noptr.spamrats.com,
>       reject_rbl_client virbl.dnsbl.bit.nl,
>       reject_rbl_client ix.dnsbl.manitu.net,
>       reject_rbl_client backscatter.spameatingmonkey.net,
>       reject_rbl_client bl.spameatingmonkey.net,
>       reject_rhsbl_sender fresh.spameatingmonkey.net,
>       reject_rhsbl_client fresh.spameatingmonkey.net,
>       reject_rhsbl_sender uribl.spameatingmonkey.net,
>       reject_rhsbl_client uribl.spameatingmonkey.net,
>       reject_rhsbl_sender urired.spameatingmonkey.net,
>       reject_rhsbl_client urired.spameatingmonkey.net,

Methinks that 24 RBLs is approximately 20 RBLs too many.  I'll
leave it to others to suggest which ones to drop.

>       check_sender_access hash:/etc/postfix/access/check_backscatterer,
>       check_policy_service inet:127.0.0.1:10023,
>       permit

-- 
        Viktor.
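
An added example (not part of the original message): a Python check that walks a comma-separated `smtpd_recipient_restrictions` list in evaluation order, reports table-driven checks that run before `reject_unauth_destination` (the ordering problem called out in the reply above), and counts DNSBL lookups. The sample config is a constructed, abbreviated copy of the quoted list, and the function names are this example's own.

```python
import re

# Constructed sample: abbreviated copy of the restriction list quoted above.
SAMPLE = """\
smtpd_recipient_restrictions =
      reject_non_fqdn_recipient,
      check_sender_access pcre:/etc/postfix/access/final_sender_access,
      permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination,
      check_recipient_access pcre:/etc/postfix/access/final_recipient_access,
      reject_rbl_client zen.spamhaus.org,
      reject_rhsbl_sender dsn.rfc-ignorant.org,
      permit
"""

# Restrictions whose lookup result can be OK (permit) for any client.
TABLE_DRIVEN = re.compile(r"^check_\w+_access$|^check_policy_service$")
DNSBL = re.compile(r"^reject_(rbl|rhsbl)_\w+$")
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_restrictions(text, param="smtpd_recipient_restrictions"):
    """Return [(name, argument)] for one main.cf parameter, in evaluation order.
    Assumes the comma-separated, one-restriction-per-line style used above."""
    m = re.search(rf"^{re.escape(param)}\s*=(.*(?:\n[ \t]+.*)*)", text, re.M)
    if not m:
        return []
    items = []
    for tok in re.split(r"[,\n]+", m.group(1)):
        parts = tok.split(None, 1)
        if parts:
            items.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return items

def audit(items):
    """Flag table-driven checks evaluated before the relay guard; count DNSBLs."""
    findings, guarded = [], False
    for pos, (name, arg) in enumerate(items, 1):
        if name in RELAY_GUARDS:
            guarded = True
        elif TABLE_DRIVEN.match(name) and not guarded:
            findings.append((pos, name, arg))  # an OK here skips the relay check
    dnsbl = sum(1 for name, _ in items if DNSBL.match(name))
    return {"guarded": guarded, "early_checks": findings, "dnsbl_count": dnsbl}

if __name__ == "__main__":
    print(audit(parse_restrictions(SAMPLE)))
```

To audit a live system, feed it the text of `main.cf` instead of `SAMPLE`; an empty `early_checks` list with `guarded` true means no access table can permit relaying ahead of the destination check.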
