Sent from my iPhone

On 10/02/2009, at 11:02, Noel Jones <njo...@megan.vbhcs.org> wrote:

David Cottle wrote:
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client b.barracudacentral.org
I would have used this but in the postfix documentation it never
showed the use of check_sender_access in smtpd_client_restrictions
So I assume this is correct now?

You were also supposed to remove cbl.abuseat.org; it's included in the zen lookup.

One further suggestion - you may want to move your backscatter and spamcannibal checks to smtpd_data_restrictions to be compatible with the few services that do sender verification callbacks.

Other than that, yes, this looks reasonable.

As for the unknown, could selinux be stopping postfix from using the
DNS?  The DNS works as it serves out the DNS for the hosted domains.
Feb  9 22:31:55 server postfix/smtpd[25015]: connect from
unknown[189.6.3.109]
Yet I do a prompt from the server and reverse lookup the IP I get the
name..

SELinux is the usual suspect. Turn it off and see what happens. If that's not it, the second guess is an incomplete chroot jail.

If this doesn't help you get it fixed, start a new message thread for the new problem. Include your "postconf -n" output and logging demonstrating the problem.


--
Noel Jones

Hi Noel,

Many thanks for your help!

I will pull the cbl.abuseat.org did not know it's in zen - that is a comprehensive rbl!

If I move my check_xxx routines to the smtpd_data_restrictions, is this still called up as a check_sender_access?

So I also assume that smtpd_data_ restrictions does what it does now in smtpd_client_restrictions with the additional sender verification callbacks?

Also no need running a whitelist in smptd_data_restrictions as my routines only look for <>, postmaster and MAILER_DAEMON

Thanks again!
David

Reply via email to