I fear that I've misunderstood something for a very long time...
Why might hwsrv-205226.hostwindsdns.com not be hitting the (redundant, I
think) entries here?
bigsky:~ root# postmap -vs /etc/postfix/client_checks
postmap: name_mask: ipv4
postmap: inet_addr_local: configured 5 IPv4 addresses
postmap: Compiled against Berkeley DB version 1
postmap: dict_open: hash:/etc/postfix/client_checks
getresponse.com 550 5.7.1 GetResponse spam unwanted
user.veloxzone.com.br 550 5.7.1 Veloxzone users may not mail here
link 550 5.7.1 Get a real domain, spammy
hostwindsdns.com 550 5.7.1 Too many brute force attacks from your
hosting provider
.hostwindsdns.com 550 5.7.1 Too many brute force attacks from your
hosting provider
salsalabs.net 550 5.7.1 SalsaLabs has shitty list management
practices.
newsletterbroadcast.net 550 5.7.1 Hostway's spamming services not
welcome here
siteprotect.com 550 5.7.1 Hostway's spamming services not welcome
here
checkmail.io 550 5.7.1 Address Verification is a fraudulent
business. GFY & DIAF
bigsky:~ root# echo $?
0
bigsky:~ root# postmap -q hwsrv-205226.hostwindsdns.com -v
/etc/postfix/client_checks
postmap: name_mask: ipv4
postmap: inet_addr_local: configured 5 IPv4 addresses
postmap: Compiled against Berkeley DB version 1
postmap: dict_open: hash:/etc/postfix/client_checks
bigsky:~ root# echo $?
1
Canonical config outputs follow:
bigsky:~ root# postconf -nf
body_checks = pcre:/opt/local/etc/postfix/body_checks
bounce_size_limit = 50000
command_directory = /opt/local/sbin
compatibility_level = 2
daemon_directory = /opt/local/libexec/postfix
data_directory = /opt/local/var/lib/postfix
debug_peer_level = 3
debug_peer_list = 127.0.0.1
debugger_command = PATH=/opt/local/bin:/bin:/usr/bin:/usr/local/bin;
export
PATH; (echo cont; echo where) | gdb
$daemon_directory/$process_name
$process_id 2>&1
>$config_directory/$process_name.$process_id.log & sleep 5
default_database_type = hash
default_destination_concurrency_limit = 10
disable_vrfy_command = yes
enable_long_queue_ids = yes
header_checks = regexp:/opt/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = _postfix
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
message_size_limit = 40960000
milter_command_timeout = 120s
milter_connect_timeout = 45s
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
mydestination = $myhostname, localhost.$mydomain_fallback
mydomain = scconsult.com
mydomain_fallback = scconsult.com
myhostname = toaster.scconsult.com
mynetworks = 192.168.254.0/24
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /opt/local/bin/newaliases
postscreen_access_list = permit_mynetworks
postscreen_disable_vrfy_command = yes
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = cbl.abuseat.org=127.0.0.2*2
zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2
zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2
zen.spamhaus.org=127.0.0.11*2 korea.services.net=127.0.0.2*2
blackholes.scconsult.com=127.0.0.2*1
sbcdyn.scconsult.com=127.0.0.2*1
psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_ttl = 10m
postscreen_greet_action = drop
postscreen_helo_required = $smtpd_helo_required
postscreen_whitelist_interfaces = !127.0.0.2,static:all
proxy_interfaces = 67.149.19.3, 67.149.19.4, 67.149.19.5
queue_directory = /opt/local/var/spool/postfix
readme_directory = /opt/local/share/postfix/readme
recipient_delimiter = -
sample_directory = /opt/local/share/postfix/sample
sender_bcc_maps = pcre:/etc/postfix/sender_bccs
sendmail_path = /opt/local/sbin/sendmail
setgid_group = _postdrop
sewers = check_recipient_access
pcre:/opt/local/etc/postfix/sewer-recipients
check_sender_access pcre:/opt/local/etc/postfix/sewer-senders
smtp_connection_cache_destinations =
smtp_dns_support_level = dnssec
smtp_generic_maps = regexp:/opt/local/etc/postfix/generic
smtp_tls_CAfile = /opt/local/etc/openssl/cert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = dane
smtpd_authorized_xclient_hosts = localhost
smtpd_client_auth_rate_limit = 5
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 6
smtpd_client_message_rate_limit = 15
smtpd_client_new_tls_session_rate_limit = 5
smtpd_client_recipient_rate_limit = 20
smtpd_client_restrictions = check_client_access
hash:/opt/local/etc/postfix/client_checks, permit
smtpd_data_restrictions =
reject_multi_recipient_bounce,reject_unauth_pipelining,permit
smtpd_delay_open_until_valid_rcpt = no
smtpd_error_sleep_time = 3
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
smtpd_recipient_restrictions = permit_mynetworks,
check_recipient_access
pcre:/opt/local/etc/postfix/rcpt_overrides, check_helo_access
pcre:/opt/local/etc/postfix/helo_checks, check_client_ns_access
pcre:/opt/local/etc/postfix/shitns,
check_reverse_client_hostname_ns_access
pcre:/opt/local/etc/postfix/shitns, check_helo_ns_access
pcre:/opt/local/etc/postfix/shitns, check_sender_ns_access
pcre:/opt/local/etc/postfix/shitns, check_sender_access
pcre:/opt/local/etc/postfix/badsenders,
reject_unknown_sender_domain,
reject_invalid_helo_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_sender_access
pcre:/opt/local/etc/postfix/goodsenders,
reject_unknown_reverse_client_hostname, check_sender_mx_access
cidr:/opt/local/etc/postfix/bogus_mx.cidr, reject_rbl_client
cbl.abuseat.org=127.0.0.2, reject_rbl_client
zen.spamhaus.org=127.0.0.2,
reject_rbl_client zen.spamhaus.org=127.0.0.3, reject_rbl_client
zen.spamhaus.org=127.0.0.4, reject_rbl_client
zen.spamhaus.org=127.0.0.10,
reject_rbl_client zen.spamhaus.org=127.0.0.11, reject_rbl_client
korea.services.net=127.0.0.2, check_recipient_access
pcre:/opt/local/etc/postfix/recipient_checks.regex,
reject_rbl_client
blackholes.scconsult.com=127.0.0.2, reject_rbl_client
sbcdyn.scconsult.com=127.0.0.2, reject_rbl_client
ix.dnsbl.manitu.net=127.0.0.2, reject_rbl_client
psbl.surriel.com=127.0.0.2,
check_sender_access hash:/opt/local/etc/postfix/sender_checks,
check_client_access hash:/opt/local/etc/postfix/client_checks,
check_client_access
pcre:/opt/local/etc/postfix/client_checks.regex, permit
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions =
smtpd_restriction_classes = sewers,spamtargets
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 2
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /private/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /private/etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtputf8_enable = yes
spamtargets = check_sender_access
pcre:/opt/local/etc/postfix/spamtarget-senders
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 553
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/local/etc/postfix/virtual
bigsky:~ root# postconf -Mf
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submit
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - -
trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
-o myhostname=bigsky.scconsult.com
relay unix - - n - - smtp
-o myhostname=bigsky.scconsult.com
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
