On 9/24/2017 11:34 AM, Benny Pedersen wrote:
Kirk Bocek skrev den 2017-09-24 20:25:
That fill up my mailq. I've since blocked sflic.com but I get others
with a gmail.com domain.
How do I block or reject these messages?
google loopback-only is the most simple one :)
more help post postconf -n
Thanks Benny.
I was unaware of loopback-only. A quick search shows it's used in
send-only configurations. I, however, am receiving a few domains on this
server.
Here is postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, pvt,
bocek.org, bocekrealty.com
mydomain = pvt
myhostname = amber.pvt
mynetworks = 10.0.0.0/21, localhost, 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = 173.8.164.189
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination, localhost, $myhostname
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks, permit_inet_interfaces,
permit_tls_all_clientcerts, reject_unknown_client_hostname, reject
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_unknown_sender_domain, reject_non_fqdn_hostname,
reject_invalid_hostname, reject_unknown_helo_hostname, permit
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/sender_access, permit_mynetworks,
reject_unauth_pipelining, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unauth_destination,
check_policy_service unix:postgrey/socket, permit_sasl_authenticated,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org, reject_rbl_client
dnsbl.sorbs.net, reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client dnsbl-2.uceprotect.net, reject_rbl_client
dnsbl-3.uceprotect.net, reject_rbl_client b.barracudacentral.org,
check_recipient_access hash:/etc/postfix/access,
reject_unlisted_recipient, reject_unverified_recipient, permit
smtpd_tls_key_file = /etc/postfix/sslcert-20151019.pem
smtpd_tls_cert_file = /etc/postfix/sslcert-20151019.pem
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3 smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_access, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unverified_sender, warn_if_reject, permit
unknown_local_recipient_reject_code = 550
virtual_alias_domains = bocek.org, bocekrealty.com
virtual_alias_maps = hash:/etc/postfix/virtual,
hash:/etc/postfix/stonealias, hash:/etc/postfix/testalias
I am constantly battling getting smtpd_sender_restrictions,
smtpd_helo_restrictions, smtpd_client_restrictions and the others
correct. I've used the check_sender_access hash through several of them
and I'm not sure that's correct.
