Am 12.02.2014 16:33, schrieb L. D. James: > On 02/12/2014 10:14 AM, Viktor Dukhovni wrote: >> On Wed, Feb 12, 2014 at 10:06:48AM -0500, L. D. James wrote: >> >>> Thanks again for the input. When I post how I resolved the issue, >> The only issue is that you have not understood how to read your >> logs which log every message twice (because you're using a post-queue >> content filter). >> >> With content filters, each message is received, stored in the queue, >> and then sent via the content filter to be received and queued >> again (this time with a local client address) the second time it >> is finally delivered to its intended destination. To understand >> how a message entered your system you need to look at TWO queue-ids, >> the pre-filter queue-id and the post-filter queue-id. > > Thanks, Viktor. There is a lot I don't understand. I appreciate your taking > the time to explain the various > components. > > Blocking the "localhost.localdomain" using "helo_access" the best way that I > could decipher has stopped the spam
may i ask why you that hypersensible to "localhost.localdomain" while your own machine resolves that for 127.0.0.1? "client=localhost.localdomain[127.0.0.1]" from your log proves that HELO restrictions is not really that good solution for a sane spam-filter and if you are not damned careful to not apply them on submission you will do harm to most MUA's hence "check_helo_access" does not belong to main.cf apply it to port 25 in master.cf or you need to disable it explicit for submission (587) [harry@srv-rhsoft:~]$ host 127.0.0.1 1.0.0.127.in-addr.arpa domain name pointer localhost. [harry@srv-rhsoft:~]$ cat /etc/hosts | grep 127.0.0.1 127.0.0.1 localhost [harry@srv-rhsoft:~]$ nslookup 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1#53 1.0.0.127.in-addr.arpa name = localhost.
