- Previous message: D Hill: "Re: Helo command rejected: unknown host reg...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: MacShane, Tracy (no email)
Date: Fri May 02 2008 - 03:31:33 EDT
This is following on from an earlier thread, where I identifed a problem
with an access map apparently not working correctly (and not passing
through all mail from .gov.au hosts)
>
> On Fri, Mar 28, 2008 at 10:19:42AM +1100, MacShane, Tracy wrote:
>
> > I'm a bit stumped as to what's going on with one of my client access
> > maps. The objective is to have all ".gov.au" hosts from all
subdomains
> > exempt from the majority of our smtpd_*_restrictions checks.
> >
> > Postfix version is 2.2.10
> > parent_domain_matches_subdomains = debug_peer_list,
> > fast_flush_domains, mynetworks, permit_mx_backup_networks,
> > qmqpd_authorized_clients, relay_domains, smtpd_access_maps
>
Viktor suggested I had a mismatch between a leading dot for the key and
the parent_domain_matches_subdomains parameter that included
smtpd_access_maps. This was actually due to a bad troubleshooting
attempt on my behalf.
The access map is as follows:
--- client_access ---
# All .gov.au addresses
gov.au OK
[...]
# rr.com - zombie machines
res.rr.com REJECT Rejected due to zombie attacks
# more zombie spammers
neoplus.adsl.tpnet.pl REJECT
internetdsl.tpnet.pl REJECT
[...]
-------
Now, given the custom response message I have for rr.com hosts, it
appears that the access map is in fact working correctly.
May 2 17:05:03 smtp3 postfix/smtpd[14450]: NOQUEUE: reject: RCPT from
cpe-74-76-15-20.nycap.res.rr.com[24.90.217.53]: 554
<cpe-24-90-217-53.nyc.res.rr.com[24.90.217.53]>: Client host rejected:
Rejected due to zombie attacks; from=<>
to=<> proto=SMTP
helo=<cpe-24-90-217-53.nyc.res.rr.com>
However, if I try to query the access map using postmap -q, nothing is
returned:
[smtp3]# postmap -q "cpe-74-76-15-20.nycap.res.rr.com"
hash:/etc/postfix/client_access
[smtp3]#
This is driving me nuts, and evidently didn't help when I was trying to
troubleshoot the issue with the .gov.au hosts. Can anyone shed any light
on why postmap -q isn't returning the expected values? The server is
RHEL 4 ES, and it's the distribution's Postfix build. Running similar
queries on PCRE and CIDR maps works as expected (ie. values like REJECT
and OK are returned).
I'm certain that I didn't have any problems running the query on hashed
files in the past, but I can't pinpoint a date when it changed (the
hashed lookups don't change that often).
Thanks for any ideas on where to start looking, or bashings with the
cluebat.
Tracy
|
|
|