Thursday, November 24, 2022, 5:24:12 PM, Doug Hardie wrote:
> I am trying with the postscreen dns lookup disabled. Here is the main.cf > section: > # postscreen spam filtering > postscreen_greet_action = enforce > #postscreen_dnsbl_action = enforce > #postscreen_dnsbl_sites = bl.spamcop.net zen.spamhaus.org=127.0.0.[2..11] > b.barr > acudacentral.org > postscreen_access_list = permit_mynetworks, > cidr:/usr/local/etc/postfix/access.cidr > # > # Use long queue ids for uniqueness > enable_long_queue_ids = yes > # > # Incoming restrictions and Implement postfwd > incoming_smtpd_restrictions = > check_policy_service inet:127.0.0.1:10040, > reject_invalid_hostname, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_unauth_pipelining, > permit_mynetworks, > check_recipient_access hash:/usr/local/etc/postfix/tempfail, > reject_unauth_destination, > reject_unverified_recipient > reject_rbl_client bl.spamcop.net, > reject_rbl_client b.barracudacentral.org, > reject_rbl_client zen.spamhaus.org, > permit > # > Here is main.cf for smtpd: > smtpd pass - - n - 50 smtpd > -o smtpd_recipient_restrictions=$incoming_smtpd_restrictions > However, I seem to be doing the dns for all received emails. I see the log > message for user User unknown in virtual alias table, and dns requests with > that same timestamp for spamcop, barracudacentral and spamhaus. I am > suspecting I am missing a reject statement that will reject the email when > the user is not in the virtual alias table that needs to be before the rbl > rejects. I thought that reject_unverified_recipient would do that, but > apparently not.' > -- Doug Never heard of the parameter "incoming_smtpd_restrictions" Is that really what you have in main.cf -- Cheers, Phil
