On 2018-May-05 20:54, Bill Cole wrote:
> Try reject_unknown_reverse_client_hostname first. It is safer than
> reject_unknown_client_hostname. It won't catch the specific miscreant in
> your log but unlike reject_unknown_client_hostname it won't block random
> outbound IPs of major mailbox providers.

I set reject_unknown_reverse_client_hostname and will see how that goes.

> I'm not sure why this specific mail is getting through but looking at your
> config I have a few suggestions:
>
> 1. Configure postscreen to run in front of smtpd with main.cf settings
> something like this:
>
> postscreen_access_list = permit_mynetworks
> postscreen_disable_vrfy_command = yes
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2
>     zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2
>     zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2
>     psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_ttl = 10m
> postscreen_greet_action = drop
>
> (Adjust the postscreen_dnsbl_sites to taste...)
>
> 2. If you don't enable postscreen, AT LEAST fix this:
>
> smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
>     reject_rbl_client blackholes.easynet.nl
>
> The "blackholes.easynet.nl" DNSBL has been dead for many years, so you
> should remove it. Also, while "sbl.spamhaus.org" is a fine DNSBL, there is
> usually no reason for a MTA that has a separate submission service to not
> use the "zen.spamhaus.org" which includes many more problem mail sources
> including the one you've logged.
>
> 3. To tell Aisha and other bogus "local" senders to go away:
>
> smtpd_reject_unlisted_sender = yes

As advised, turned on postscreen, fixed DNSBL and set
smtpd_reject_unlisted_sender to yes.
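
How the weights and threshold in the quoted postscreen_dnsbl_sites setting combine, as an added example that is not part of the original thread and is not Postfix code. It assumes exact-address filters only (Postfix also accepts filter patterns), and the DNSBL replies are constructed sample data; nothing is looked up in DNS.

```python
"""Offline scorer for a postscreen_dnsbl_sites list (illustration only)."""

# Site list and threshold as quoted in the message above.
SITES = (
    "zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 "
    "zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 "
    "zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 "
    "ix.dnsbl.manitu.net=127.0.0.2*1"
)
THRESHOLD = 2

# Constructed replies: DNSBL domain -> set of A records returned for a client.
ZEN_ONLY = {"zen.spamhaus.org": {"127.0.0.4"}}
PSBL_ONLY = {"psbl.surriel.com": {"127.0.0.2"}}
TWO_SMALL_LISTS = {"psbl.surriel.com": {"127.0.0.2"},
                   "ix.dnsbl.manitu.net": {"127.0.0.2"}}
UNLISTED_CODE = {"zen.spamhaus.org": {"127.255.255.254"}}  # not in any filter


def parse_sites(spec):
    """Split 'domain[=filter][*weight]' entries into (domain, filter, weight)."""
    entries = []
    for item in spec.replace(",", " ").split():
        item, _, weight = item.partition("*")
        domain, _, addr_filter = item.partition("=")
        entries.append((domain.lower(), addr_filter or None, int(weight or 1)))
    return entries


def dnsbl_score(entries, replies):
    """Sum the weights of the entries matched by the replies.

    Each entry counts at most once. An entry with a filter matches only that
    exact address (set membership, so 127.0.0.1 never matches 127.0.0.10);
    an entry without a filter matches any reply from its domain.
    """
    score = 0
    for domain, addr_filter, weight in entries:
        answers = replies.get(domain, set())
        if answers and (addr_filter is None or addr_filter in answers):
            score += weight
    return score


def would_block(replies, spec=SITES, threshold=THRESHOLD):
    """True when the combined score reaches postscreen_dnsbl_threshold."""
    return dnsbl_score(parse_sites(spec), replies) >= threshold
```

With these settings a single Zen listing reaches the threshold on its own, while psbl.surriel.com and ix.dnsbl.manitu.net only trigger the enforce action when both list the client.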