Re: Blocking "unknown"

Fri, 30 Sep 2016 07:06:42 -0700 

Hi,

On Fri, Sep 30, 2016 at 9:14 AM, /dev/rob0 <r...@gmx.co.uk> wrote:
> On Fri, Sep 30, 2016 at 01:02:34PM +0200, Ralph Seichter wrote:
>> On 30.09.2016 12:26, Postfix User wrote:
>>
>> > 13822:Sep 30 02:00:40 scorpio postfix/smtpd[83056]:
>> > connect from unknown[118.71.251.67]
>>
>> You can use reject_unknown_reverse_client_hostname, but I recommend
>> you don't. Many legitimate mail sources have not configured reverse
>> DNS entries.
>
> Hmm, I have been using this for many years, since one time when my
> own PTR lookup failed and I found I was being rejected by gmail and
> numerous other providers.

I'd like to now add this as well. Would you recommend adding it after
reject_unauth_destination?

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unlisted_recipient,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        reject_unknown_reverse_client_hostname,
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
        check_sender_access hash:/etc/postfix/check_backscatterer,
        check_helo_access pcre:/etc/postfix/helo_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        check_policy_service unix:private/policy-spf,
        check_policy_service inet:127.0.0.1:2501,
        check_recipient_access pcre:/etc/postfix/relay_recips_access,
        check_recipient_access pcre:/etc/postfix/recipient_checks,
        permit

smtpd_client_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/client_checks,
        check_reverse_client_hostname_access
pcre:/etc/postfix/fqrdns-042715a.pcre,
        check_reverse_client_hostname_access
pcre:/etc/postfix/reverse_client_hostname_access.pcre,
        check_client_access cidr:/etc/postfix/client_access_blocklist

smtpd_sender_restrictions =
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_sender_access hash:/etc/postfix/spamsources,
        check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf,
        reject_unknown_sender_domain

Thanks,
Alex

Reply via email to