How can I block this user from even attempting to connect to the mail server? This is Postfix on a Mac running OS X 10.11.
I’ve even tried blocking it in the firewall, but I’m missing something, because there it is again... I have the domain's IP in a blacklist in the pf.conf firewall, in the Postfix blacklist, and in SpamAssassin … impossible. I cannot stop this sucker. The log for the latest attempt is below; the connection still reaches smtpd, and the delivery is only turned away at RCPT with a temporary 450 reply:

Mar 4 12:41:48 zeus postfix/smtpd[1811]: connect from mail.bmwlaw.com[174.46.142.137]
Mar 4 12:41:48 zeus postfix/smtpd[1811]: setting up TLS connection from mail.bmwlaw.com[174.46.142.137]
Mar 4 12:41:48 zeus postfix/smtpd[1811]: mail.bmwlaw.com[174.46.142.137]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!SSLv2:!aNULL:!ADH:!eNULL"
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:before/accept initialization
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client hello A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write server hello A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write certificate A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write key exchange A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write server done A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 flush data
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client certificate A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client key exchange A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read certificate verify A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read finished A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write change cipher spec A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write finished A
Mar 4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 flush data
Mar 4 12:41:48 zeus postfix/smtpd[1811]: Anonymous TLS connection established from mail.bmwlaw.com[174.46.142.137]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 4 12:41:49 zeus postfix/smtpd[1811]: NOQUEUE: reject: RCPT from mail.bmwlaw.com[174.46.142.137]: 450 4.7.1 <BMW-Ex2010.bmwroa.com>: Helo command rejected: Host not found; from=<> to=<rushmarcellus...@quantum-radio.net> proto=ESMTP helo=<BMW-Ex2010.bmwroa.com>
Mar 4 12:41:51 zeus postfix/smtpd[1811]: disconnect from mail.bmwlaw.com[174.46.142.137] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

The only thing I can think of is that something is turning it back on after it has been turned off?

The output of postconf -n is below.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = Mail/Dovecot/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
lmtp_tls_ciphers = $smtpd_tls_ciphers
lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
mail_owner = _postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
meta_directory = /usr/local/etc/postfix
milter_default_action = accept
mydestination = localhost mail.$mydomain, www.$mydomain
myhostname = zeus.chalmers.com.au
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:8891
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/postscreen_access.cidr, cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/usr/local/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.mailspike.net*2, b.barracudacentral.org*2, bl.spameatingmonkey.net, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, swl.spamhaus.org*-4, list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-3, list.dnswl.org=127.[0..255].[0..255].[2..255]*-4, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2, ix.dnsbl.manitu.net, bl.blocklist.de, list.dnswl.org=127.0.[0..255].0*-1, list.dnswl.org=127.0.[0..255].1*-2, list.dnswl.org=127.0.[0..255].[2..3]*-3, iadb.isipp.com=127.0.[0..255].[0..255]*-2, iadb.isipp.com=127.3.100.[6..200]*-2, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_dnsbl_whitelist_threshold = -4
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
shlib_directory = /usr/local/lib/postfix
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_tls_ciphers = $smtpd_tls_ciphers
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/access,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client zen.spamhaus.org
smtpd_delay_reject = yes
smtpd_error_sleep_time = 2s
smtpd_hard_error_limit = 2
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/usr/local/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_unknown_helo_hostname, reject_invalid_hostname, permit
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access hash:/usr/local/etc/postfix/access, check_client_access hash:/usr/local/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_recipient_access hash:/usr/local/etc/postfix/access, check_policy_service unix:private/policy
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 1
smtpd_tls_CAfile = /private/etc/ssl/certs/sub.class1.server.ca.pem
smtpd_tls_cert_file = /private/etc/ssl/certs/chalmers.com.au.crt
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /private/etc/ssl/private/chalmers.com.au.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
soft_bounce = no
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

thanks
Robert Chalmers