Re: Whitelisting Redux

From: Dennis Putnam (no email)
Date: Tue May 01 2007 - 13:53:01 EDT

  • Next message: Magnus Bäck: "Re: Correct smtp auth config..."

    On May 1, 2007, at 11:10 AM, Jorey Bump wrote:

    >
    > No, I meant for you to change the "smtpd_client_restrictions" entry
    > that you provided to "smtpd_recipient_restrictions" and remove the
    > redundant smtpd_recipient_restrictions from your configuration.
    >
    >
    > It was. The address was wrong.

    Well, DOH! That's 2.

    >
    > No.
    >
    > To be clear, it's using the address provided during MAIL FROM (not
    > the From: header), and you're right, that's easily spoofed. But if
    > you want to use check_sender_access, that's what we're talking
    > about, the envelope sender.

    I understand and see the problem. I suspected that but was hoping I
    was wrong. Thanks.

    >
    > Refer to Email Address Patterns in:
    >
    > man 5 access
    >
    > or:
    >
    > http://www.postfix.org/access.5.html

    Thanks. I read this before but I guess I was refusing to believe
    there is no wildcard in the pattern matching. It appears I just can't
    do some of the things I wanted but there are other ways.

    >
    > Well, I sympathize, but this may be a user issue. They need to
    > complain to the ISP or switch. Kudos for trying to solve their
    > problem, but you may be taking on a maintenance headache. Of
    > course, you could move your RBLs to a scoring system via a policy
    > server or SpamAssassin if they are causing you too many problems.
    > Using RBLs isn't required, so I guess you do bear some of the
    > responsibility here.

    In case you haven't figured it out the user is me. Complaining to the
    ISP is a waste, they won't even stop themselves from being
    blacklisted. Besides anyone that complains is just a stupid user that
    knows nothing about systems. Switching is not really a cost effective
    option at this time. As for a maintenance headache, what is one
    more? :-) There are only a few users in this category so once I have
    it working it won't be a big deal. I just need to make sure this
    doesn't happen again. My Mandriva system has a cron script that
    reports critical files that have changed. Maybe I'll clone that
    script and use it here since main.cf can get changed so easily and
    sometimes it takes a while to notice the effects.

    >
    > I meant you must do this if you plan to use the bellsouth.net
    > address as your sender address for outgoing mail. Outgoing mail
    > *to* bellsouth.net is not affected by this configuration.
    >

    Ah, I see. That is not an issue.

    After all the gyrations it looks like you got me to where I need to
    be. I still have no idea what was changed that made it stop working
    in the first place. Plus I also don't know how it could have ever
    worked based on what you taught me. Thanks again for saving the day
    for me. I owe you and adult beverage of your choice.


  • Next message: Magnus Bäck: "Re: Correct smtp auth config..."





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD