On 5/1/2014 8:13 AM, James Lay wrote:
> Hey all,
>
> Trying to figure out why the below made it through
>
> May 1 06:57:14 gateway postfix/smtpd[15631]: warning: hostname irc.madboxes.cc does not resolve to address 67.51.218.144
> May 1 06:57:14 gateway postfix/smtpd[15631]: connect from unknown[67.51.218.144]

The message was accepted because none of your restrictions blocked it, and the IP wasn't listed in any of the RBLs you use.

The reason the client is labeled unknown is given in the first line: "irc.madboxes.cc does not resolve to address 67.51.218.144".

Consider using an RHSBL such as dbl.spamhaus.org to also attempt rejects on known bad sender domain or reverse client names. Possibly the reject_rhsbl_sender would have rejected this; the domain is listed now.

http://www.postfix.org/postconf.5.html#reject_rhsbl_sender
http://www.postfix.org/postconf.5.html#reject_rhsbl_reverse_client
http://www.spamhaus.org/dbl/

If this doesn't answer your question, please clarify.

  -- Noel Jones

> May 1 06:57:15 gateway postfix/smtpd[15631]: 9932D4201D: client=unknown[67.51.218.144]
> May 1 06:57:15 gateway postfix/cleanup[15633]: 9932D4201D: message-id=<0.0.0.18f.1cf653b82974c64.16e...@mail.hafighter.com>
> May 1 06:57:15 gateway postfix/qmgr[21143]: 9932D4201D: from=<surface.protection.plus-jlay=slave-tothe-box....@hafighter.com>, size=4970, nrcpt=1 (queue active)
> May 1 06:57:16 gateway postfix/smtpd[15631]: disconnect from unknown[67.51.218.144]
> May 1 06:57:16 gateway postfix/pickup[14365]: 6250042025: uid=1002 from=<surface.protection.plus-jlay=slave-tothe-box....@hafighter.com>
> May 1 06:57:16 gateway postfix/cleanup[15633]: 6250042025: message-id=<0.0.0.18f.1cf653b82974c64.16e...@mail.hafighter.com>
> May 1 06:57:16 gateway postfix/pipe[15634]: 9932D4201D: to=<j...@slave-tothe-box.net>, relay=spamassassin, delay=1.5, delays=0.95/0.01/0/0.56, dsn=2.0.0, status=sent (delivered via spamassassin service)
> May 1 06:57:16 gateway postfix/qmgr[21143]: 9932D4201D: removed
> May 1 06:57:16 gateway postfix/qmgr[21143]: 6250042025: from=<surface.protection.plus-jlay=slave-tothe-box....@hafighter.com>, size=5371, nrcpt=1 (queue active)
> May 1 06:57:16 gateway postfix/local[15638]: 6250042025: to=<j...@slave-tothe-box.net>, relay=local, delay=0.14, delays=0.07/0.01/0/0.06, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
> May 1 06:57:16 gateway postfix/qmgr[21143]: 6250042025: removed
>
> Pertinent config info below:
>
> smtpd_sender_restrictions = regexp:/etc/postfix/access
> header_checks = regexp:/etc/postfix/header_checks
> body_checks = regexp:/etc/postfix/body_checks
> smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated, reject_unauth_destination
> smtpd_client_restrictions = permit_mynetworks,
>     permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org,
>     check_client_access hash:/etc/postfix/rbl_override,
>     reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net,
>     reject_rbl_client dnsbl.sorbs.net,
>     check_sender_access hash:/etc/postfix/sender_checks,
>     reject_invalid_hostname, reject_unknown_hostname
>
> None of the included check type files includes that IP or host.
> Is there a way I can trace this down? Thank you.
>
> James
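
Added example (not part of the original thread, and not the poster's actual configuration): the quoted smtpd_client_restrictions with the two RHSBL checks from the reply added. Where the new entries sit in the list is an assumption; the reply does not say where to put them.

```ini
# /etc/postfix/main.cf (fragment; illustrative, based on the config quoted above)
#
# The quoted list only consults IP-based DNSBLs (reject_rbl_client), so a
# sending IP that is not yet listed passes even when the sender domain or
# the reverse DNS name is already known to be bad.
#
# Added entries:
#   reject_rhsbl_reverse_client  looks up the UNVERIFIED reverse name of the
#       client (irc.madboxes.cc in the log). reject_rhsbl_client would not
#       help here: the name did not resolve back to 67.51.218.144, so the
#       client is "unknown" and has no verified hostname to look up.
#       Requires Postfix 2.8 or later.
#   reject_rhsbl_sender          looks up the domain of the envelope sender
#       (hafighter.com in the log).
#
# Sender information is available in smtpd_client_restrictions because
# smtpd_delay_reject defaults to "yes", which postpones evaluation until
# RCPT TO. The quoted config already relies on this for check_sender_access.
#
# Placement (assumption): after the rbl_override access map, so existing
# overrides are evaluated before the new checks.

smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    check_sender_access hash:/etc/postfix/sender_checks,
    reject_invalid_hostname,
    reject_unknown_hostname

# Apply and confirm what Postfix actually loaded:
#   postfix check && postfix reload
#   postconf -n smtpd_client_restrictions
```

After the reload, a rejection by either new check is logged by postfix/smtpd as a "reject: RCPT from ..." line naming dbl.spamhaus.org, which is the line to look for when tracing why a message was or was not blocked.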