Re: Block certain prefixes/TLDs from accessing

2016-08-12 Thread Noel Jones
On 8/12/2016 4:33 AM, Richard Klingler wrote:
> Also modified the blacklist that is now part of mynetworks:
>
> mynetworks = cidr:/usr/local/etc/postfix/blacklist.cidr
>
> And of course the prefix above is also not rejected:
>
> 127.0.0.0/8 OK
> 60.166.0.0/15 REJECT
>

Don't do that! mynetwor

Re: Block certain prefixes/TLDs from accessing

2016-08-12 Thread Richard Klingler
> For name-based rejection (verified rDNS or HELO/EHLO) that you don't
> want/need exempted by anything else, use check_client_access in
> smtpd_client_restrictions and check_helo_access in
> smtpd_helo_restrictions (and/or their arcane variants, see the
> postconf(5) man page)
>

Hmm..have in

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Bill Cole
On 11 Aug 2016, at 15:36, Richard Klingler wrote: On Thu, 11 Aug 2016 21:33:39 +0200, Benny Pedersen wrote: On 2016-08-11 21:06, Noel Jones wrote: http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networ

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Nikolaos Milas
On 12/8/2016 12:01 πμ, Nikolaos Milas wrote: The following works for me: smtpd_restriction_classes ... ... Forget this suggestion, it's used in a different context; and it's not complete either. Sorry for the confusion. Nick

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 22:59, Richard Klingler wrote: This is it: (dunno know how to enable sasl in master.conf for a specific port ;o) oh smtpd_sasl_auth_enable = yes fail # main.cf mua_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject mua_helo_restrictions = permit_

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Nikolaos Milas
On 11/8/2016 11:49 μμ, Richard Klingler wrote: I've put it also now on the client restriction..but the message looks the same... Clients still can try to do SMTP AUTH... The following works for me: smtpd_restriction_classes = controlled_senders,allowed_list1 controlled_senders = check

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 22:54:37 +0200, Benny Pedersen wrote:
> On 2016-08-11 22:49, Richard Klingler wrote:
>
>> I've put it also now on the client restriction..but the message looks
>> the same...
>> Clients still can try to do SMTP AUTH...
>
> disable sasl auth in main.cf
>
> enable it in master.

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 22:49, Richard Klingler wrote: I've put it also now on the client restriction..but the message looks the same... Clients still can try to do SMTP AUTH... disable sasl auth in main.cf enable it in master.cf for port 587 only the check_client_access can as well be used in master.

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 22:45:01 +0200, Benny Pedersen wrote:
> On 2016-08-11 22:34, Richard Klingler wrote:
>
>> So it made up to this point:
>> smtpd_recipient_restrictions = check_client_access
>> cidr:/usr/local/etc/postfix/blacklisted_prefixes,
>
> note smtpd_recipient_restrictions, change it to

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Nikolaos Milas
On 11/8/2016 11:34 μμ, Richard Klingler wrote: I have in the blacklist: 60.166.0.0/15 REJECT Have you restarted postfix after updating the cidr file? Nick

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 22:34, Richard Klingler wrote: So it made up to this point: smtpd_recipient_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklisted_prefixes, note smtpd_recipient_restrictions, change it to smtpd_Client_restrictions so basically i just think you make the check_

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
Okay...regardless of SASL tries

I have in the blacklist:

60.166.0.0/15 REJECT

but still this kicks in:

Aug 11 22:17:36 marvin postfix/smtpd[30519]: connect from unknown[60.167.116.249]
Aug 11 22:17:37 marvin postfix/smtpd[30519]: NOQUEUE: reject: RCPT from unknown[60.167.116.249]: 55

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Nikolaos Milas
On 11/8/2016 10:56 μμ, Richard Klingler wrote: Well I would have expected that the first entry in smtpd_recipient_restrictions... Actually, it seems you are confusing restrictions at different phases of mail handling. Read more carefully Noel's notes! (He explains things clearly!) Reading

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 14:06:44 -0500, Noel Jones wrote:
> On 8/11/2016 1:10 PM, Richard Klingler wrote:
>> Doesn't work with the blacklisted_prefix file...
>>
>> Have:
>>
>> smtpd_recipient_restrictions = check_client_access
>> cidr:/usr/local/etc/postfix/blacklisted_prefixes,
>> permit_sasl_auth

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 21:36, Richard Klingler wrote: Jezzz... Is there a good ebook explaining all the configuration possibilities? https://www.google.dk/search?q=postfix+book I still haven't figured the difference between smtpd_recipient_restrictions and smtpd_sender_restrictions. it imho is se

RE: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Fazzina, Angelo
stfix.org] On Behalf Of Richard Klingler
Sent: Thursday, August 11, 2016 3:37 PM
To: postfix-users@postfix.org
Subject: Re: Block certain prefixes/TLDs from accessing

On Thu, 11 Aug 2016 21:33:39 +0200, Benny Pedersen wrote:
> On 2016-08-11 21:06, Noel Jones wrote:
>
>> http://www.p

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 21:33:39 +0200, Benny Pedersen wrote:
> On 2016-08-11 21:06, Noel Jones wrote:
>
>> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
>> http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
>
> same effect can be made with sasl dis

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 21:06, Noel Jones wrote: http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks same effect can be made with sasl disabled in main.cf and just enabled in master.cf for submission oh we

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Noel Jones
On 8/11/2016 1:10 PM, Richard Klingler wrote:
> Doesn't work with the blacklisted_prefix file...
>
> Have:
>
> smtpd_recipient_restrictions = check_client_access
> cidr:/usr/local/etc/postfix/blacklisted_prefixes, permit_sasl_authenticated,
>
>
> But I still get connection message that sh

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 20:33, Richard Klingler wrote: Well I was firewalling loads of prefixes before...that is what I want to avoid (o; i begin to think whitelist cidr in firewall for customer ports only, so no need to block random non customers :=) do not disable starttls in port 25, but just a

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 20:31:04 +0200, Benny Pedersen wrote:
> On 2016-08-11 20:10, Richard Klingler wrote:
>
>> Aug 11 20:05:39 marvin postfix/smtpd[19974]: initializing
>> the server-side TLS engine
>> Aug 11 20:05:39 marvin postfix/smtpd[19974]: connect from
>> 93-152-67-113.itlab.managedbroadba

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Benny Pedersen
On 2016-08-11 20:10, Richard Klingler wrote: Aug 11 20:05:39 marvin postfix/smtpd[19974]: initializing the server-side TLS engine Aug 11 20:05:39 marvin postfix/smtpd[19974]: connect from 93-152-67-113.itlab.managedbroadband.co.uk[93.152.67.113] Aug 11 20:05:41 marvin postfix/smtpd[19974]: wa

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 13:44:42 +0300, Nikolaos Milas wrote:
> On 11/8/2016 1:25 μμ, Richard Klingler wrote:
>
>> Is there an easy way to block a list of prefixes from accessing postfix?
>> ...
>> Preferably I would like to combine prefix and domain filtering
>> as plain helo_checks won't allow regul

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Noel Jones
On 8/11/2016 11:01 AM, Richard Klingler wrote:
> No...sorry for confusing...coming from the network world
> I mean with prefix a subnet (or supernet speaking in the old class-A/B/C/D/E
> IP address terms ;o)
>

hash tables are searched by octet. For example, the entry 192.168 REJECT would block

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 10:53:14 -0500, /dev/rob0 wrote:
> I believe today is my day on the pedantry schedule, so here I go,
> picking nits.
>
> On Thu, Aug 11, 2016 at 12:25:22PM +0200, Richard Klingler wrote:
>> Is there an easy way to block a list of prefixes from accessing
>> postfix?
>
> I thi

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread /dev/rob0
I believe today is my day on the pedantry schedule, so here I go, picking nits.

On Thu, Aug 11, 2016 at 12:25:22PM +0200, Richard Klingler wrote:
> Is there an easy way to block a list of prefixes from accessing
> postfix?

I think by "prefix" (according to $Subject) you meant "top-level domain

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Noel Jones
On 8/11/2016 10:26 AM, Richard Klingler wrote:
>>> /^.*\.ppp\..*$/ REJECT No email accepted from DSL users
>>> /^.*\.dsl\..*$/ REJECT No email accepted from DSL users
>>
>> useless anchors...
>>
>> /\.dsl\./ REJECT ...
>> /\.ppp\./ REJECT ...
>
> Hmm...but $/ is needed if I want to completely rej

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
>> /^.*\.ppp\..*$/ REJECT No email accepted from DSL users
>> /^.*\.dsl\..*$/ REJECT No email accepted from DSL users
>
> useless anchors...
>
> /\.dsl\./ REJECT ...
> /\.ppp\./ REJECT ...

Hmm...but $/ is needed if I want to completely reject a specific TLD like:

/\.cn$/

Or which exta

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Bill Cole
On 11 Aug 2016, at 10:18, Richard Klingler wrote: On Thu, 11 Aug 2016 10:15:04 -0400, Bill Cole wrote: On 11 Aug 2016, at 6:25, Richard Klingler wrote: plain helo_checks won't allow regular expression for hostnames. Why do you believe this? I have used regexp and pcre tables for helo_check

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Noel Jones
On 8/11/2016 9:18 AM, Richard Klingler wrote:
> On Thu, 11 Aug 2016 10:15:04 -0400, Bill Cole wrote:
>> On 11 Aug 2016, at 6:25, Richard Klingler wrote:
>>
>>> plain helo_checks won't allow regular expression for hostnames.
>>
>> Why do you believe this?
>>
>> I have used regexp and pcre tables for

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
On Thu, 11 Aug 2016 10:15:04 -0400, Bill Cole wrote:
> On 11 Aug 2016, at 6:25, Richard Klingler wrote:
>
>> plain helo_checks won't allow regular expression for hostnames.
>
> Why do you believe this?
>
> I have used regexp and pcre tables for helo_checks successfully in
> all versions of Post

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Bill Cole
On 11 Aug 2016, at 6:25, Richard Klingler wrote: plain helo_checks won't allow regular expression for hostnames. Why do you believe this? I have used regexp and pcre tables for helo_checks successfully in all versions of Postfix from 2.6 to 3.1. My particular patterns don't catch much since

RE: Block certain prefixes/TLDs from accessing

2016-08-11 Thread L . P . H . van Belle
12:45
> To: Richard Klingler
> CC: postfix-us...@cloud9.net
> Subject: Re: Block certain prefixes/TLDs from accessing
>
> On 11/8/2016 1:25 , Richard Klingler wrote:
>
> > Is there an easy way to block a list of prefixes from accessing postfix?
> > ...
>

Re: Block certain prefixes/TLDs from accessing

2016-08-11 Thread Nikolaos Milas
On 11/8/2016 1:25 μμ, Richard Klingler wrote: Is there an easy way to block a list of prefixes from accessing postfix? ... Preferably I would like to combine prefix and domain filtering as plain helo_checks won't allow regular expression for hostnames. I think you can use: smtpd_recipient_res

Block certain prefixes/TLDs from accessing

2016-08-11 Thread Richard Klingler
Hello Is there an easy way to block a list of prefixes from accessing postfix? Right now I use ipfilter on FreeBSD to block certain ranges/countries as only spam is originating from there... Preferably I would like to combine prefix and domain filtering as plain helo_checks won't allow regular e