Here is my personal MX & MSA on single Linux box.
/etc/postfix/ is null
/etc/postfix-msa/ is the mail submission agent on port 587 and smpts on port
465
/etc/postfix-mx/ is the mail exchanger on port 25
/etc/postfix/main.cf:
# Mail Submission Agent (MSA)
# Mail Exchanger (MX)
master_service_d
One of my favorite anti spam measures is auto add repeat RBL hits, no PTR
hits, etc. to system firewall.
Here are a few entire network permanent firewall blocks for example as well.
ARIN--Level3-Sendlabs-DynDNS.org___-CIDR[63.209.253.224/27]
ARIN--Level3-Sendlabs-DynDNS.org___-CIDR[63.211.192.12
Which makes their domain an easy target for block lists.
http://www.spamhaus.org/query/dbl?domain=takeprettypictures.net
--
From: "mouss"
Sent: Sunday, September 26, 2010 1:38 PM
To:
Subject: Re: SPF and greylisting conditioning
Le 26/09/2010
.*
--
From: "Patrick Lists"
Sent: Monday, August 30, 2010 2:34 PM
To:
Subject: Regexp for blocking dynamic hosts?
Hi,
I got a lot of spam lately from dynamic hosts so gradually I have been
adding rules to block them with the help of the rules
With smtpd_delay_reject = yes
Which of the restriction sections was the following logged rejection for?
Or put another way, in which of the restriction sections was the rejection
option "reject_rbl_client pbl.spamhaus.org" that resulted in the logged
rejection?
Restriction Options:
smtpd_clie
"I think he just wants to know which smtpd restrictions list contains the
rule that caused the rejection."
Correct.
--
From: "Michael Orlitzky"
Sent: Tuesday, August 10, 2010 2:02 PM
To:
Subject: Re: smtpd_delay_reject = yes & Reject Logging
O
Technically correct yet totally useless. You would be perfect Microsoft
employee.
(lookup the joke about helicopter pilot and Microsoft)
--
From: "Ralf Hildebrandt"
Sent: Tuesday, August 10, 2010 1:23 PM
To:
Subject: Re: smtpd_delay_reject = yes
Yes it does cause a problem.
It does not indicate the stage the rejection is associated with (CONNECT,
HELO, FROM, RCPT, etc.).
--
From: "Noel Jones"
Sent: Tuesday, August 10, 2010 1:27 PM
To:
Subject: Re: smtpd_delay_reject = yes & Reject Loggi
When using the "smtpd_delay_reject = yes" option, all log messages indicate
RCPT stage rejection. e.g. "... NOQUEUE: reject: RCPT from ..."; regardless of
which type of restriction an option is listed under.
For instance a rejection based on the following will indicate RCPT rather than
CONNECT
http://www.openspf.org/
--
From: "donovan jeffrey j"
Sent: Sunday, August 08, 2010 10:48 AM
To: "Postfix users"
Subject: need help with forged To and From
greetings
this weekend I have been hit with a ton of forged spam messages.
here is a samp
That is what I thought. You really don't have an objection or case to back
it up so reveal your true nature by attacking with personal criticism
rather than sticking to the subject matter and making your case.
--
From: "John R. Dennison"
Sent:
Very aware spammers can create their own domains and and SPF records. They
can do essentially the same thing with any anti spam measures. And I have
see a number of them do just that, an SPF record of entire IPv4 address
space (0.0.0.0/0). But guess what, everyone of them has been in an RHSBL
What is your objection?
--
From: "John Levine"
Sent: Sunday, July 04, 2010 9:48 PM
To:
Cc:
Subject: Re: Postfix.org SPF
Anyone opposed to the postfix.org domain publishing an SPF record?
Yes. Now, can you go away, please?
R's,
John, MAAWG s
My original post was regarding postfix. But you and others who seemed more
interested in taking it off topic to squelch the request for postfix.org to
publish an SPF record.
I oblige the challenge and then you all start complain about thread being
off topic. Well it wouldn't be off topic if
US financial services industry group endorses SPF, so most banks, credit
unions, brokerages, etc. publish an SPF record.
MAAWG: "At the very least, senders should incorporate SPF records for their
mailing domains".
Austrailan DoD Recommends SPF
Google.com, GoogleMail.com, Gmail.com,
Comcast.
What is stupid is to be so opposed to anti spam tools that have no
significant downside.
Makes one wonder about true motives.
--
From: "Matt Hayes"
Sent: Sunday, July 04, 2010 7:29 PM
To:
Subject: Re: Postfix.org SPF
On 07/04/2010 10:20 PM, jun
Yahoo has ulterior motives? They wish to push their domain keys.
Others probably likewise have ulterior motives.
Do you also oppose SPF, and if so what is your motives?
--
From: "mouss"
Sent: Sunday, July 04, 2010 7:29 PM
To:
Subject: Re: Post
Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.
--
From: "Sahil Tandon"
Sent: Saturday, July 03, 2010 11:53 AM
To:
Subject: Re: Postfix.org SPF
On Sat, 2010-07-03
Those who wish to make use of it can do so.
From: Jeroen Geilman
Sent: Saturday, July 03, 2010 11:46 AM
To: postfix-users@postfix.org
Subject: Re: Postfix.org SPF
On 07/03/2010 08:45 PM, junkyardma...@verizon.net wrote:
How about publishing an SPF record for postfix.org.
This would wor
Oh and here is another thought.
Go back to the very first failure occurrence for draxlerinsurance.com and
see what the cause of that very first rejection was.
--
From:
Sent: Saturday, July 03, 2010 7:42 PM
To: "Asai" ;
Subject: Re: Connection R
Have you verified your MTA's are not on a Black/Block list? Maybe
draxlerinsurance.com has firewalled you off. I know I would.
http://www.mxtoolbox.com/blacklists.aspx
[r...@vps1 ~]# telnet 67.227.17.37 25
Trying 67.227.17.37...
Connected to 67.227.17.37.
Escape character is '^]'.
220
***
How about publishing an SPF record for postfix.org.
This would work well:
"v=spf1 mx include:cloud9.net ~all"
http://openspf.org/
http://old.openspf.org/wizard.html?mydomain=Postfix.org
Already have a home grown log scrapper dynamically managing (add/remove)
firewall rules and love the results.
Not only have bad behaving bots disappeared but there seems to be fewer spam
attempts for unique clients as well. Leaving log files much less cluttered
and much smaller. When I say dis
Is it possible to execute a system command upon the following smtpd client
restriction rejections?
smtpd_client_restrictions =
reject_rbl_client zen.spamhaus.org,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
Would like to automate insertion of client IP address into IP
24 matches
Mail list logo
