On 21 Aug 2018, at 13:51, Fongaboo wrote:

> On Tue, 21 Aug 2018, Bill Cole wrote:
>
>> smtpd_client_restrictions =
>>    check_client_access cidr:/usr/local/etc/postfix/rbl_override
>>    reject_rbl_client zen.spamhaus.org=127.0.0.2,
>>    reject_rbl_client zen.spamhaus.org=127.0.0.3,
>>    reject_rbl_client zen.spamhaus.org=127.0.0.4,
>>    check_client_access cidr:/usr/local/etc/postfix/pbl_override
>>    reject_rbl_client zen.spamhaus.org=127.0.0.10,
>>    reject_rbl_client zen.spamhaus.org=127.0.0.11,
>
> That's pretty neat. Are those IPs on the end ones to be specifically *rejected*?

No, those are specific Spamhaus ZEN return codes. See https://www.spamhaus.org/zen/ for their specific meanings.

> Can CIDR format be used?

For DNSBL return codes? No. If I am interpreting the postconf(5) man page correctly, the above could be consolidated like this:

smtpd_client_restrictions =
   check_client_access cidr:/usr/local/etc/postfix/rbl_override
   reject_rbl_client zen.spamhaus.org=127.0.0.[2..4],
   check_client_access cidr:/usr/local/etc/postfix/pbl_override
   reject_rbl_client zen.spamhaus.org=127.0.0.[10;11],

However I may be misinterpreting the range & list syntax described there...

> Also should the last two lines start with reject_pbl_client?

No. See the postconf(5) man page, where reject_rbl_client is documented. The name "reject_rbl_client" is an historical artifact of the first DNSBL (the MAPS RBL) having its name genericized in the Postfix feature name. That feature is used for all DNSBLs, which is why it needs a base domain argument with an optional return code.
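
As an added illustration (not part of the original message, and not Postfix's own code), the Python sketch below models the reply-filter grammar postconf(5) gives for reject_rbl_client, where each octet is a number or a bracketed list of ";"-separated numbers or number..number ranges, and checks that two bracketed filters cover the same five ZEN return codes as the one-per-line form. The function names and the sample lists are constructed for this example.

```python
import re

# Constructed sample: the five ZEN return codes from the one-per-line form.
SEPARATE = ["127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.10", "127.0.0.11"]
# The same codes as two filters, brackets around a single octet (assumed grammar).
CONSOLIDATED = ["127.0.0.[2..4]", "127.0.0.[10;11]"]

_OCTET = re.compile(r"\[([^\[\]]+)\]|(\d+)")

def parse_filter(pattern):
    """Return four sets of permitted values, one per octet of a reply filter."""
    octets, pos = [], 0
    while True:
        m = _OCTET.match(pattern, pos)
        if not m:
            raise ValueError(f"bad octet at offset {pos} in {pattern!r}")
        allowed = set()
        for part in (m.group(1) or m.group(2)).split(";"):
            lo, sep, hi = part.partition("..")
            lo, hi = int(lo), int(hi if sep else lo)  # int() rejects non-numbers
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad range {part!r} in {pattern!r}")
            allowed.update(range(lo, hi + 1))
        octets.append(allowed)
        pos = m.end()
        if pos == len(pattern):
            break
        if pattern[pos] != ".":
            raise ValueError(f"expected '.' at offset {pos} in {pattern!r}")
        pos += 1
    if len(octets) != 4:
        raise ValueError(f"{pattern!r} does not have four octets")
    return octets

def matches(pattern, reply):
    """True when a DNSBL A-record reply (dotted quad) satisfies the filter."""
    parts, allowed = reply.split("."), parse_filter(pattern)
    return len(parts) == 4 and all(int(p) in a for p, a in zip(parts, allowed))

def rejected_codes(patterns):
    """127.0.0.x replies, in numeric order, that any of the filters accepts."""
    return [f"127.0.0.{i}" for i in range(256)
            if any(matches(p, f"127.0.0.{i}") for p in patterns)]

if __name__ == "__main__":
    print(rejected_codes(CONSOLIDATED))
    print(rejected_codes(CONSOLIDATED) == rejected_codes(SEPARATE))
```

On a live system, "postconf -n smtpd_client_restrictions" followed by "postfix check" shows whether Postfix itself accepts the filter as written.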
