Quoting Sahil Tandon <sa...@tandon.net>:

On Mon, 09 Feb 2009, David Cottle wrote:

Yes, all the files (whitelist, check_backscatterer and
check_spamcannibal) have been postmapped.

I assume that as long as the whitelist is done first, anything that
is ok in the file simply should 'brute force' past the rest of the
checks, no matter how many?

If an access table within smtpd_client_restrictions evaluates to OK, smtpd(8)
skips the remaining client_restrictions.  However, one of the following
smtpd_mumble_restrictions might still trigger a REJECT.  Please show
'postconf -n' and some relevant excerpts from your log.

--
Sahil Tandon <sa...@tandon.net>


Hi Sahil,

Here is the log:

Feb 9 09:36:55 server postfix/smtpd[26671]: warning: database /etc/postfix/whitelist.db is older than source file /etc/postfix/whitelist
Feb 9 09:36:55 server postfix/smtpd[26671]: connect from unknown[64.202.189.90]
Feb 8 22:36:57 server postfix/smtpd[26671]: NOQUEUE: reject: RCPT from unknown[64.202.189.90]: 554 5.7.1 Service unavailable; Client host [64.202.189.90] blocked using dnsbl-1.uceprotect.net; IP 64.202.189.90 is UCEPROTECT-Level 1 listed. See http://www.uceprotect.net/rblcheck.php?ipr=64.202.189.90; from=<psa...@server.aussiefrogs.com> to=<dcot...@idb.com.au> proto=SMTP helo=<k2smtpout02-01.prod.mesa1.secureserver.net>
Feb 8 22:36:57 server postfix/smtpd[26671]: disconnect from unknown[64.202.189.90]

Now I was playing with timestamps on the .db files, so if it detects this, does this mean the whitelist is ignored due to the error, hence the answer? I just postmap the source files again to be sure; I assume it's a warning only?

Here is my postconf dump:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10240000
mydestination = localhost.$mydomain, localhost, localhost.localdomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/whitelist, check_client_access hash:/etc/postfix/check_backscatterer, check_client_access hash:/etc/postfix/check_spamcannibal, reject_rbl_client bl.spamcop.net, reject_rbl_client pbl.spamhaus.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-2.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net, reject_rbl_client 2.0.0.127.b.barracudacentral.org
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110


Lastly, are my updated check_ files correct? I want to only filter emails from <>, postmaster and MAILER_DAEMON

<> reject_rbl_client bl.spamcannibal.org
postmaster reject_rbl_client bl.spamcannibal.org
MAILER-DAEMON reject_rbl_client bl.spamcannibal.org

and

<> reject_rbl_client ips.backscatterer.org
postmaster reject_rbl_client ips.backscatterer.org
MAILER-DAEMON reject_rbl_client ips.backscatterer.org

Thanks again!
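
The smtpd warning in the log above is logged when a lookup table's source file is newer than its compiled .db. As an added example (not part of the original message and not Postfix code), the script below pulls every hash: table out of `postconf -n` style output and reports the ones whose .db is missing or older than the source; the function names hash_maps and stale_maps are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read postconf-style text on stdin and print the source path of every
# hash: lookup table it names, one per line, de-duplicated.
hash_maps() {
    grep -o 'hash:[^ ,]*' | sed 's/^hash://' | sort -u
}

# Read source paths on stdin. For each one that exists, report when the
# compiled .db is missing or older than the source, which is the
# condition smtpd warned about in the log above.
# Returns 1 if any table needs rebuilding, 0 otherwise.
stale_maps() {
    rc=0
    while IFS= read -r src; do
        # Skip tables whose source is not on this host or path.
        [ -e "$src" ] || continue
        if [ ! -e "$src.db" ]; then
            echo "MISSING $src.db"
            rc=1
        elif [ "$src" -nt "$src.db" ]; then
            echo "STALE $src.db"
            rc=1
        fi
    done
    return $rc
}

# Usage on a mail server:
#   postconf -n | hash_maps | stale_maps
# Rebuild reported access tables with postmap; alias tables are rebuilt
# with postalias or newaliases instead.
```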
