I know many of us have used the fqrdns.pcre in Postfix's
smtpd_client_restrictions for many years to help block "low hanging" spam.
Long ago, after the project was abandoned by Stan H, I adopted it and moved
it to GitHub:
https://github.com/stevejenkins/hardwarefreak.com-fqrd
I'd rather not have the conversation(s) here on the Postfix list, but I've
received two update requests to Stan Hoeppner's fqrdns.pcre file, which
many of us are using (I volunteered to host the file on GitHub after Stan
went offline).
I'd like to invite Postfix users to ch
On Wed, May 6, 2015 at 8:21 AM, Bill Cole <
postfixlists-070...@billmail.scconsult.com> wrote:
> On 6 May 2015, at 10:20, Steve Jenkins wrote:
>
> On Tue, May 5, 2015 at 11:38 AM, Vijay Rajah wrote:
>>
>> There was a missing persons report on a Stanley D Hoeppner. This name no
>>> longer appear
I have it on good authority that he is still in Missouri but is absent due to a
personal nature.
I will share more if allowed in time.
In the interim, I've been checking to see if I can get his domain back up for
everyone again.
Thanks,
Steffan
> On May 6, 2015, at 8:21 AM, Bill Cole
> wr
On 6 May 2015, at 10:20, Steve Jenkins wrote:
On Tue, May 5, 2015 at 11:38 AM, Vijay Rajah wrote:
There was a missing persons report on a Stanley D Hoeppner. This name
no
longer appears on the active missing persons list. Hope he is ok.
FYI:
http://i.imgur.com/3oiR3ID.png
That's VERY co
o I think that is indeed him.
I hope the fact that he's no longer on there doesn't mean the worst...
> Also, It seems that his server is up and running. there is a single jpg
> file with you point the browser to his server IP.
> The fqrdns.pcre file is at http://65.41.216.221/
nning. there is a single jpg
file with you point the browser to his server IP.
The fqrdns.pcre file is at http://65.41.216.221/fqrdns.pcre
-Vijay
On 28 Apr 2015, at 23:23, Steve Jenkins wrote:
> On Tue, Apr 28, 2015 at 2:13 PM, Terry Barnum <mailto:te...@dop.com>> wrote:
> github URL for curl:
>
> $ curl
> https://raw.githubusercontent.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/master/
On Tue, Apr 28, 2015 at 2:13 PM, Terry Barnum wrote:
> github URL for curl:
>
> $ curl
> https://raw.githubusercontent.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/master/fqrdns.pcre
Thanks, Terry. The same URL will also work for a wget, and I recommend
using the -N option for
> On Apr 28, 2015, at 1:31 PM, Steve Jenkins wrote:
> https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/blob/master/fqrdns.pcre
>
> Interesting to click the history button and see that it didn't really change
> all that much from 2012-2014.
>
> S
at's actually the version I have up there now. :)
https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/blob/master/fqrdns.pcre
Interesting to click the history button and see that it didn't really
change all that much from 2012-2014.
SteveJ
On 28 Apr 2015, at 18:04, Alex Regan wrote:
> Hi,
>
>>I should have mentioned that I actually did that, once I couldn't
>>find Stan's site:
>>
>>https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
>>
>>
>> For th
--On Monday, April 27, 2015 10:10 PM -0700 Steve Jenkins
wrote:
I don't know when Stan did his final update, but if anyone has one newer
than Mar 27 2013, please send it to me off-list and I'll update it.
Hi Steve,
I had just set this up on March 11, 2015. The version I downloaded at that
Hi,
I should have mentioned that I actually did that, once I couldn't
find Stan's site:
https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
For those who are using it, I've replaced it with a version from March
2013 instead of March 2012.
htt
rt
involving my GENERIC_RDNS, so it can't be *that* bad. If it ever causes
an issue I'll probably drop the rule entirely.
Okay, good point. I did see quite a few FPs when I was rejecting with
the fqrdns.pcre file outright, however.
Thanks,
Alex
On Sun, Apr 26, 2015 at 2:20 PM, Steve Jenkins
wrote:
> I should have mentioned that I actually did that, once I couldn't find
> Stan's site:
>
> https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
>
For those who are using it, I've replaced it with a v
On 04/27/2015 10:57 PM, Alex Regan wrote:
>>
>> check_client_access uses the verified name, which is more conservative.
>> I wasn't convinced this was a good idea, so I played it safe.
>
> So check_client_access is performing an additional DNS query on the
> hostname to check if it matches the IP
Hi,
On 04/27/2015 10:44 PM, Michael Orlitzky wrote:
On 04/27/2015 06:55 PM, Alex Regan wrote:
Hi,
I assume that means you use it in header_checks?
It's still a client check; I have
smtpd_recipient_restrictions =
...
check_client_access pcre:$maps/generic_rdns.pcre,
If you
Hi,
On 04/27/2015 10:44 PM, Michael Orlitzky wrote:
On 04/27/2015 06:55 PM, Alex Regan wrote:
Hi,
I assume that means you use it in header_checks?
It's still a client check; I have
smtpd_recipient_restrictions =
...
check_client_access pcre:$maps/generic_rdns.pcre,
If you
On 04/27/2015 06:55 PM, Alex Regan wrote:
> Hi,
>
>>> I assume that means you use it in header_checks?
>>
>> It's still a client check; I have
>>
>>smtpd_recipient_restrictions =
>> ...
>> check_client_access pcre:$maps/generic_rdns.pcre,
>
> If you're using a version of postfix lat
Hi,
I assume that means you use it in header_checks?
It's still a client check; I have
smtpd_recipient_restrictions =
...
check_client_access pcre:$maps/generic_rdns.pcre,
If you're using a version of postfix later than 2.6, you should be using
check_reverse_client_hostname_ac
On 26 Apr 2015, at 17:21, Steve Jenkins wrote:
On Sun, Apr 26, 2015 at 1:11 PM, E.B.
wrote:
HasStan stopped hosting/maintaining it?
Yes. :(
Like I said, it appears Stan has disappeared.
His last archived post was to the XFS list in January.
I can't find him on social
media, and any G
On 04/26/2015 03:55 PM, Wolfgang Zeikat wrote:
>
> I assume that means you use it in header_checks?
>
It's still a client check; I have
smtpd_recipient_restrictions =
...
check_client_access pcre:$maps/generic_rdns.pcre,
...
And then in spamassassin,
header GENERIC_RDNS exists
On Sun, Apr 26, 2015 at 1:11 PM, E.B. wrote:
> HasStan stopped hosting/maintaining it?
Yes. :(
Like I said, it appears Stan has disappeared. I can't find him on social
media, and any Google searches for him produce his hardwarefreak.com
site... which is now being squatted.
SteveJ
On Sun, Apr 26, 2015 at 7:07 AM, Patrick Laimbock
wrote:
>
> I would appreciate it if someone with a recent version of fqrdns.pcre
> could put it up on github or post it to the mailing list or offline to me
> or Steve. I found it very useful and would like to continue to use it.
I
- On 26 Apr, 2015, at 20:32, Michael Orlitzky mich...@orlitzky.com wrote:
> Here's my copy, modified to add a header rather than reject outright.
I assume that means you use it in header_checks?
Cheers,
wolfgang
HasStan stopped hosting/maintaining it?
On Sun, 4/26/15, Michael Orlitzky wrote:
Subject: Re: Stan Hoeppner's fqrdns.pcre file?
To: postfix-users@postfix.org
Date: Sunday, April 26, 2015, 11:32 AM
On 04/26/2015 09:07 AM, Patrick
Lai
On 04/26/2015 09:07 AM, Patrick Laimbock wrote:
>
> I would appreciate it if someone with a recent version of fqrdns.pcre
> could put it up on github or post it to the mailing list or offline to
> me or Steve. I found it very useful and would like to continue to use it.
>
at too.
It was previously the home of the popular fqrdns.pcre file that many
Postfix users incorporated into their spam-fighting efforts. Its
maintainer and long-time member of this list Stan Hoeppner also seems to
have dropped off the face of the earth.
Has someone else taken over management o
Hopefully this is still on-topic enough to warrant posting.
The hardwarefreak.com site appears to be offline (looks like possibly the
domain expired and a domain squatting service snatched it).
It was previously the home of the popular fqrdns.pcre file that many
Postfix users incorporated into
On Sun, Jan 15, 2012 at 11:04:21AM -0500, Charles Marcus wrote:
> But I'd still be interested in seeing some example postscreen
> configs actually in use right now, by you and anyone else
> willing to share...
I have posted mine here in the past, I think on or around 2011-02-15.
It hasn't changed
On Sun, 15 Jan 2012 11:04:21 -0500, Charles Marcus
wrote:
> But I'd still be interested in seeing some example postscreen configs
> actually in use right now, by you and anyone else willing to share...
This works pretty well:
as root:
## configure Postfix to use postscreen
sed -i 's/^smtp .*s
On 1/15/2012 10:04 AM, Charles Marcus wrote:
> On 2012-01-14 5:55 PM, Stan Hoeppner wrote:
>> On 1/14/2012 6:43 AM, Charles Marcus wrote:
>>> Also, Stan - would would be interested in seeing some comparisons of
>>> postscreen configurations. I haven't implemented it yet (we use an
>>> outsourced a
On 2012-01-14 5:55 PM, Stan Hoeppner wrote:
On 1/14/2012 6:43 AM, Charles Marcus wrote:
Also, Stan - would would be interested in seeing some comparisons of
postscreen configurations. I haven't implemented it yet (we use an
outsourced anti-spam service currently), but am interested in trying it
On 2012-01-15 6:21 AM, Steve wrote:
For me the question is: What does this outsourced anti-spam solution
do? Does it block (aka: what postscreen/fqrdns.pcre does) and/or does
it tag spam/ham. What other services do they offer that you need/use
(qurantine management, anti virus, black
Original-Nachricht
> Datum: Sat, 14 Jan 2012 16:55:46 -0600
> Von: Stan Hoeppner
> An: postfix-users@postfix.org
> Betreff: Re: postscreen supersedes fqrdns.pcre table
> On 1/14/2012 6:43 AM, Charles Marcus wrote:
>
> > Also, Stan - would would be i
On 1/14/2012 6:43 AM, Charles Marcus wrote:
> Also, Stan - would would be interested in seeing some comparisons of
> postscreen configurations. I haven't implemented it yet (we use an
> outsourced anti-spam service currently), but am interested in trying it
> out to see if we can lose that service
On 2012-01-13 6:18 PM, Stan Hoeppner wrote:
As fqrdns.pcre has been a topic recently, I feel this needs to be stated
again, for those of you who have missed previous threads on this topic.
1. Postscreen rejects most bots BEFORE they reach smtpd processes
(fqrdns.pcre is evaluated by
As fqrdns.pcre has been a topic recently, I feel this needs to be stated
again, for those of you who have missed previous threads on this topic.
1. Postscreen rejects most bots BEFORE they reach smtpd processes
(fqrdns.pcre is evaluated by smtpd)
2. AFAIK postscreen never FP
On 7/7/2011 7:37 PM, Steve Jenkins wrote:
> I'm currently using Stan's pcre file with check_client_access. But
> even after re-reading this while thread and that doc link, I can't
> tell whether I should keep it as-is or switch to
> check_reverse_client_hostname_access.
>
> SteveJ
Yes, absolutely
On Thu, Jul 7, 2011 at 2:04 PM, Noel Jones wrote:
> On 7/7/2011 3:42 PM, mouss wrote:
>
>>
>> Noel, are you telling me that check_reverse... will match the client IP?
>> my understanding is that it will only match against the PTR.
>
> It's even documented.
> http://www.postfix.org/postconf.5.html#
On 7/7/2011 10:14 AM, /dev/rob0 wrote:
> On Thu, Jul 07, 2011 at 08:24:42AM -0500, Noel Jones wrote:
>> On 7/7/2011 7:48 AM, /dev/rob0 wrote:
>>> On Thu, Jul 07, 2011 at 06:44:49AM -0500, Stan Hoeppner wrote:
On 7/7/2011 5:58 AM, /dev/rob0 wrote:
> The anchors at both ends mean you are saf
On 7/7/2011 3:42 PM, mouss wrote:
>
> Noel, are you telling me that check_reverse... will match the client IP?
> my understanding is that it will only match against the PTR.
It's even documented.
http://www.postfix.org/postconf.5.html#check_reverse_client_hostname_access
And I can say with auth
Le 07/07/2011 22:48, Victor Duchovni a écrit :
> On Thu, Jul 07, 2011 at 10:35:56PM +0200, mouss wrote:
>
>> /^[0-9\.]$/
>> is equivalent to
>> any string formed with digits and/or dots
>
> No, just any single character that is a digit or ".". You left off the
> "*" or "+" to make it a strin
On Thu, Jul 07, 2011 at 10:35:56PM +0200, mouss wrote:
> /^[0-9\.]$/
> is equivalent to
> any string formed with digits and/or dots
No, just any single character that is a digit or ".". You left off the
"*" or "+" to make it a string composed of one (or zero) or more of said.
> with pcre;
Le 06/07/2011 23:14, Noel Jones a écrit :
> On 7/6/2011 3:57 PM, mouss wrote:
>> Le 06/07/2011 22:52, Noel Jones a écrit :
>>> On 7/6/2011 3:44 PM, mouss wrote:
>>>> Le 06/07/2011 07:07, Simon Deziel a écrit :
>>>>> Hi all,
>>>>>
>>
Le 07/07/2011 13:44, Stan Hoeppner a écrit :
> On 7/7/2011 5:58 AM, /dev/rob0 wrote:
>> On Thu, Jul 07, 2011 at 03:36:02AM -0500, Stan Hoeppner wrote:
>>> I received a request to ignore IPv4 addresses as well in order to
>>> improve performance. But given the extensive IF loops it seems
>>> we'd
On Thu, Jul 07, 2011 at 08:24:42AM -0500, Noel Jones wrote:
> On 7/7/2011 7:48 AM, /dev/rob0 wrote:
> > On Thu, Jul 07, 2011 at 06:44:49AM -0500, Stan Hoeppner wrote:
> >> On 7/7/2011 5:58 AM, /dev/rob0 wrote:
> >>> The anchors at both ends mean you are safe. You start with ^
> >>> and end with $,
On 7/7/2011 7:48 AM, /dev/rob0 wrote:
> On Thu, Jul 07, 2011 at 06:44:49AM -0500, Stan Hoeppner wrote:
>> On 7/7/2011 5:58 AM, /dev/rob0 wrote:
>>> The anchors at both ends mean you are safe. You start with ^ and
>>> end with $, so nothing else can sneak in between those.
>>>
>>> A simpler express
On Thu, Jul 07, 2011 at 06:44:49AM -0500, Stan Hoeppner wrote:
> On 7/7/2011 5:58 AM, /dev/rob0 wrote:
> > The anchors at both ends mean you are safe. You start with ^ and
> > end with $, so nothing else can sneak in between those.
> >
> > A simpler expression to accomplish the same thing:
> >
On 7/7/2011 5:58 AM, /dev/rob0 wrote:
> On Thu, Jul 07, 2011 at 03:36:02AM -0500, Stan Hoeppner wrote:
>> I received a request to ignore IPv4 addresses as well in order to
>> improve performance. But given the extensive IF loops it seems
>> we'd only save something like a few picoseconds of CPU
On Thu, Jul 07, 2011 at 03:36:02AM -0500, Stan Hoeppner wrote:
> I received a request to ignore IPv4 addresses as well in order to
> improve performance. But given the extensive IF loops it seems
> we'd only save something like a few picoseconds of CPU time (<30
> expressions processed). If th
On 7/6/2011 12:08 PM, Wietse Venema wrote:
> Some table types such as CIDR ignore the domain name. With table
> types such as CIDR, regexp and pcre, check_client_access does no
> prefix/suffix lookups.
>
> Given this, a pcre rule with ``/:/ DUNNO'' is sufficient to skip
> IPv6 addresses.
Thanks
On 7/6/2011 3:57 PM, mouss wrote:
> Le 06/07/2011 22:52, Noel Jones a écrit :
>> On 7/6/2011 3:44 PM, mouss wrote:
>>> Le 06/07/2011 07:07, Simon Deziel a écrit :
>>>> Hi all,
>>>>
>>>> Since I started using Stan's fqrdns.pcre file to
Le 06/07/2011 22:52, Noel Jones a écrit :
> On 7/6/2011 3:44 PM, mouss wrote:
>> Le 06/07/2011 07:07, Simon Deziel a écrit :
>>> Hi all,
>>>
>>> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
>>> problems rece
On 7/6/2011 3:44 PM, mouss wrote:
> Le 06/07/2011 07:07, Simon Deziel a écrit :
>> Hi all,
>>
>> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
>> problems receiving emails from with IPv6 clients.
>
> replace
> check_cl
Le 06/07/2011 15:13, Noel Jones a écrit :
> On 7/6/2011 2:32 AM, Henrik K wrote:
>> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
>>> On 7/6/2011 12:07 AM, Simon Deziel wrote:
>>>> Hi all,
>>>>
>>>> Since I started us
Le 06/07/2011 07:07, Simon Deziel a écrit :
> Hi all,
>
> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
> problems receiving emails from with IPv6 clients.
replace
check_client_access pcre:/etc/postfix
On 7/6/2011 12:08 PM, Wietse Venema wrote:
>
> Given this, a pcre rule with ``/:/ DUNNO'' is sufficient to skip
> IPv6 addresses.
>
> Wietse
Thanks.
-- Noel Jones
On 7/6/2011 8:15 AM, Simon Deziel wrote:
> On 07/06/2011 03:32 AM, Henrik K wrote:
>> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
>>> On 7/6/2011 12:07 AM, Simon Deziel wrote:
>>>> Hi all,
>>>>
>>>> Since I started us
On 07/06/2011 09:13 AM, Noel Jones wrote:
> On 7/6/2011 2:32 AM, Henrik K wrote:
>> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
>>> On 7/6/2011 12:07 AM, Simon Deziel wrote:
>>>> Hi all,
>>>>
>>>> Since I started us
On 07/06/2011 03:32 AM, Henrik K wrote:
> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
>> On 7/6/2011 12:07 AM, Simon Deziel wrote:
>>> Hi all,
>>>
>>> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
>>>
On 7/6/2011 2:32 AM, Henrik K wrote:
> On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
>> On 7/6/2011 12:07 AM, Simon Deziel wrote:
>>> Hi all,
>>>
>>> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
>>>
On Wed, Jul 06, 2011 at 12:38:05AM -0500, Noel Jones wrote:
> On 7/6/2011 12:07 AM, Simon Deziel wrote:
> > Hi all,
> >
> > Since I started using Stan's fqrdns.pcre file to reduce spam I have some
> > problems receiving emails from with IPv6 clients.
> >
On 7/6/2011 12:07 AM, Simon Deziel wrote:
> Hi all,
>
> Since I started using Stan's fqrdns.pcre file to reduce spam I have some
> problems receiving emails from with IPv6 clients.
>
> Jul 4 05:19:10 mx postfix/smtpd[10191]: NOQUEUE: reject: RCPT from
> mail.python.org
Hi all,
Since I started using Stan's fqrdns.pcre file to reduce spam I have some
problems receiving emails from with IPv6 clients.
Jul 4 05:19:10 mx postfix/smtpd[10191]: NOQUEUE: reject: RCPT from
mail.python.org[2001:888:2000:d::a6]: 554
: Client host rejected: Generic -
Please relay vi
Am 2010-12-10 23:32, schrieb Steve:
>
> Original-Nachricht
>> Datum: Fri, 10 Dec 2010 22:46:35 +0100 Von: "Stefan G. Weichinger"
>> An: Steve CC:
>> postfix-users@postfix.org Betreff: Re: fqrdns.pcre
>
>>
>> We are getting q
Original-Nachricht
> Datum: Fri, 10 Dec 2010 22:46:35 +0100
> Von: "Stefan G. Weichinger"
> An: Steve
> CC: postfix-users@postfix.org
> Betreff: Re: fqrdns.pcre
>
> We are getting quite off topic here, I assume.
> BLs aren't postfix, I
We are getting quite off topic here, I assume.
BLs aren't postfix, I know.
Maybe we should continue off-list, Steve?
Am 10.12.2010 20:08, schrieb Steve:
>>> zen.spamhaus.org should be the only spamhaus.org DNSBL in your
>>> IP blocklist configuration. You should not use ZEN together with
>>> oth
Original-Nachricht
> Datum: Fri, 10 Dec 2010 18:38:28 +0100
> Von: "Stefan G. Weichinger"
> An: postfix-users@postfix.org
> Betreff: Re: fqrdns.pcre
> Am 2010-12-09 21:59, schrieb Steve:
>
> > Hacking? Adding one additional BL to polic
Am 2010-12-09 21:59, schrieb Steve:
> Hacking? Adding one additional BL to policyd-weight.conf is not
> hacking. Hacking policyd-weight would be if you add additional
> features like OS fingerprinting support, GeoIP support, etc...
ok ok, you're right ;-)
I just thought of the advice of the au
Original-Nachricht
> Datum: Thu, 09 Dec 2010 15:42:48 +0100
> Von: "Stefan G. Weichinger"
> An: Stan Hoeppner
> CC: postfix-users@postfix.org
> Betreff: Re: fqrdns.pcre
> Am 09.12.2010 08:19, schrieb Stan Hoeppner:
> > Stefan G. Weichin
Paul Cartwright put forth on 12/9/2010 9:38 AM:
> mail.info now has this:
> Dec 9 10:32:06 paulandcilla postfix/master[17432]: warning:
> /usr/lib/postfix/smtpd: bad command startup -- throttling
Ok, we need to troubleshoot this as Postfix isn't starting. What do you see in
/var/log/mail.log
ot;big project" based
> on this, but I'd gladly accept any *thoroughly tested* regexes and add
> them to the "master" list I currently host at
>
> http://www.hardwarefreak.com/fqrdns.pcre
>
> I'd be glad to start new sections of the file for spam source types
> other t
Steffan A. Cline:
> Weitse,
Please take the trouble to spell my name correctly. Thank you.
> To me this comment from you, "Stan, go take this discussion off-list or be
> removed." is completely out of line. While I understand your complaint and
> frustration, I think you forget that Stan provides
On 12/09/2010 09:44 AM, Stan Hoeppner wrote:
> Everything from here...
>
> to here
>
> is being ignored by postfix or will cause errors. These all need to be under
> an smtpd_foo_restriction heading. You have most it duplicated once, if not
> twice, below.
>
yeah, well,
annotate needed changes.
>>
>> > then my main.cf:
>> > cat /etc/postfix/main.cf
>>
>> Everything from here...
>> ----
>> > permit_sasl_authenticated, reject_unauth_destination
>>check_client_access
>> > pcre:/etc/postfix
fix/main.cf
>
> Everything from here...
>
> > permit_sasl_authenticated, reject_unauth_destination check_client_access
> > pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
This is PRECISELY why this mailing list instists on posting POSTCONF
-N output, because THAT is the onl
_sasl_authenticated, reject_unauth_destination check_client_access
> pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
> reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
> reject_rhsbl_helo dbl.spamhaus.org,
> reject_unknown_sender_domain,reject_unknown_recipient_d
Am 09.12.2010 08:19, schrieb Stan Hoeppner:
> Stefan G. Weichinger put forth on 12/8/2010 5:55 PM:
>> Am 09.12.2010 00:53, schrieb Stefan G. Weichinger:
>>
>>> * is it really making greylisting useless? I use postgrey successfully
>>
>> small correction: on my own servers I run policyd for greylist
Wietse Venema put forth on 12/9/2010 6:10 AM:
> Stan, don't encourage people to cut and paste main.cf snippets.
>
> PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE.
>
> Wietse
My apologies. I thought in this case it would be better for the OP and
possibly easier on
Stan Hoeppner:
> Noel Jones put forth on 12/8/2010 9:22 PM:
> > On 12/8/2010 7:07 PM, Stan Hoeppner wrote:
> >
> >> While discussing restrictions in main.cf only, and specifically order
> >> processing, it would actually be better if you pasted main.cf snippets
> >> instead of postconf -n snippets
(Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
check_client_access cidr:/etc/postfix/china.cidr
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_non_
Stefan G. Weichinger put forth on 12/8/2010 5:55 PM:
> Am 09.12.2010 00:53, schrieb Stefan G. Weichinger:
>
>> * is it really making greylisting useless? I use postgrey successfully
>
> small correction: on my own servers I run policyd for greylisting, not
> postgrey ... ;) just to be correct, an
ng a "big project" based
on this, but I'd gladly accept any *thoroughly tested* regexes and add
them to the "master" list I currently host at
http://www.hardwarefreak.com/fqrdns.pcre
I'd be glad to start new sections of the file for spam source types
other than consumer rdns
Noel Jones put forth on 12/8/2010 9:22 PM:
> On 12/8/2010 7:07 PM, Stan Hoeppner wrote:
>
>> While discussing restrictions in main.cf only, and specifically order
>> processing, it would actually be better if you pasted main.cf snippets
>> instead of postconf -n snippets, contrary to the list guid
n reloading.
> here is what it looks like now:
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
> check_client_access cidr:/etc/postfix/china.cidr,
>
,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
check_client_access cidr:/etc/postfix/china.cidr,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client
dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org
On 12/8/2010 7:07 PM, Stan Hoeppner wrote:
While discussing restrictions in main.cf only, and specifically order
processing, it would actually be better if you pasted main.cf snippets
instead of postconf -n snippets, contrary to the list guidelines.
Nonsense. Always use "postconf -n" except
sasl_authenticated, reject_unauth_destination,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
check_client_access cidr:/etc/postfix/china.cidr,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_clie
Jack put forth on 12/8/2010 1:30 PM:
> FYI I have done this CIDR blocking for years at the firewall level ( people
> on the list harassed me about it) with minimal false positives but still
> enough to be a pain.
>
> I have lists from Turkey, Russia and other countries as well, but using the
> fir
Paul Cartwright put forth on 12/8/2010 8:21 AM:
> I didn't realize they were order specific..
> it now reads:
> smtpd_recipient_restrictions = permit_mynetworks
> permit_sasl_authenticated, reject_unauth_destination check_client_access
> pcre:/etc/postfix/fqrdns.pcr
Am 09.12.2010 00:53, schrieb Stefan G. Weichinger:
> * is it really making greylisting useless? I use postgrey successfully
small correction: on my own servers I run policyd for greylisting, not
postgrey ... ;) just to be correct, and maybe there are specific issues
with policyd vs. postgrey ...
Am 08.12.2010 07:52, schrieb Stan Hoeppner:
> I just added installation/usage instructions to the top of the file
> yesterday. As mouss stated, you'll see an entry in your mail log file
> with detailed optional text, usually identifying the ISP by name.
> Pflogsumm or logwatch can help you easily
On 2010-12-08 3:21 PM, Paul Cartwright wrote:
> I'm still getting LOTS of emails in thunderbird that have the "junk
> status" flame turned on.
Thunderbirds 'Junk' controls are client side - ie, totally separate from
server-side spam stuff... and they do not add anything to an emails
headers...
If
On 12/08/2010 02:30 PM, Jack wrote:
> I have lists from Turkey, Russia and other countries as well, but
> using the
> firewall method was rough when people didn't get a rejection so what I did
> is I converted to postfix CIDR and use fail2ban to monitor the log. If I
> bounce the same IP 4 times w
On 2010-12-08 9:21 AM, Paul Cartwright wrote:
> I didn't realize they were order specific..
> it now reads:
> smtpd_recipient_restrictions = permit_mynetworks
> permit_sasl_authenticated, reject_unauth_destination check_client_access
> pcre:/etc/postfix/fqrdns.pcr
FYI I have done this CIDR blocking for years at the firewall level ( people
on the list harassed me about it) with minimal false positives but still
enough to be a pain.
I have lists from Turkey, Russia and other countries as well, but using the
firewall method was rough when people didn't get a r
en.spamhaus.org, reject_rhsbl_sender
>> > dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org,
>> > reject_unknown_sender_domain,reject_unknown_recipient_domain,
>> > reject_non_fqdn_sender,
>> > reject_non_fqdn_recipient,check_reverse_client_hostname_access
>> > pcre:/etc
On 12/08/2010 02:00 AM, Stan Hoeppner wrote:
> To IP block all of China:
>
> wget http://ipdeny.com/ipblocks/data/countries/cn.zone
>
> sed 's/$/ REJECT/g' cn.zone > /etc/postfix/china.cidr
>
> smtpd_recipient_restrictions
> ...
> check_client_access cidr:/etc/postfix/china.cidr
>
1 - 100 of 110 matches
Mail list logo