Re: Trying to let a "friendly" mail server in and it ain't working....

From: Brian Evans (no email)
Date: Fri Sep 26 2008 - 11:37:15 EDT

  • Next message: Victor Duchovni: "Re: Delivery delay problems"

    Peter L. Berghold wrote:
    > Brian Evans - Postfix List wrote:
    >
    > > Without a current 'postconf -n', no one here can tell you.
    >
    [...]
    > relay_domains = bayshoredogclub.org,
    > berghold.net,agilitystewards.org,localhost

    No relay_recipient_maps could make you an (out|back)scatter source.

    > smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
    > reject_unknown_hostname
    >

    The problem comes from reject_unknown_hostname in this case. You don't
    have a check_helo_access map before it to whitelist the client in question.

    > smtpd_recipient_restrictions = check_sender_access
    > hash:/etc/postfix/access, permit_mynetworks,
    > permit_sasl_authenticated, reject_unauth_destination,
    > reject_unauth_pipelining, reject_non_fqdn_sender,
    > reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    > reject_invalid_hostname, reject_rbl_client blackholes.easynet.nl,
    > reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net,
    > reject_rbl_client sbl.spamhaus.org, reject_rbl_client
    > opm.blitzed.org, reject_rbl_client dnsbl.njabl.org,
    > reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org,
    > permit

    BTW, since you are using check_sender_access, this only ever matches
    ENVELOPE sender, never which machine is doing the sending.
    In addition, putting the check BEFORE reject_unauth_destination with an
    OK makes you an open relay for any forged domains in that access file.

    Also, opm.blitzed.org and *.dsbl.org are dead; remove those checks to
    save a little overhead and possible false positives in the future.

    Brian
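
Added example (not part of the original message and not Postfix code): a small Python check that walks a smtpd_recipient_restrictions value and reports the two issues raised above, an access-map lookup placed before reject_unauth_destination and reject_rbl_client entries for the zones reported dead. The function names, the finding labels and the inclusion of check_helo_access alongside check_sender_access are assumptions of this example.

```python
import re

# Checks keyed on client-supplied values (envelope sender, HELO name).
# Assumption of this example: the post itself only names check_sender_access.
FORGEABLE_KEY_CHECKS = {"check_sender_access", "check_helo_access"}
# Zones the post reports as dead; "dsbl.org" also covers its subzones.
DEAD_ZONES = ("opm.blitzed.org", "dsbl.org")
# Restrictions that are followed by an argument (not an exhaustive list).
TAKES_ARG = re.compile(r"^(check_\w+_access|check_policy_service|reject_rbl_client)$")

# smtpd_recipient_restrictions as quoted in the message above.
POSTED_LIST = """check_sender_access hash:/etc/postfix/access, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_invalid_hostname, reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org, reject_rbl_client opm.blitzed.org,
reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org,
reject_rbl_client multihop.dsbl.org, permit"""


def parse_restrictions(value):
    """Split a restriction list on commas/whitespace into (name, argument) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    pairs, i = [], 0
    while i < len(tokens):
        name, arg = tokens[i], None
        if TAKES_ARG.match(name) and i + 1 < len(tokens):
            i += 1
            arg = tokens[i]
        pairs.append((name, arg))
        i += 1
    return pairs


def audit(value):
    """Return (kind, detail) findings in list order."""
    pairs = parse_restrictions(value)
    names = [name for name, _ in pairs]
    # Position of the relay guard; if absent, every position counts as "before" it.
    guard = names.index("reject_unauth_destination") if "reject_unauth_destination" in names else len(pairs)
    findings = []
    for pos, (name, arg) in enumerate(pairs):
        if name in FORGEABLE_KEY_CHECKS and pos < guard:
            findings.append(("lookup-before-relay-guard", f"{name} {arg}"))
        zone = (arg or "").split("=")[0]  # drop an optional "=reply" filter
        if name == "reject_rbl_client" and any(zone == z or zone.endswith("." + z) for z in DEAD_ZONES):
            findings.append(("dead-dnsbl", zone))
    return findings
```

Calling audit(POSTED_LIST) reports the check_sender_access lookup and the three dead zones; a list with the lookup moved after reject_unauth_destination and those zones removed returns no findings.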

