Re: whitelisting not working

Mon, 09 Feb 2009 17:51:30 -0800 


Sent from my iPhone

On 10/02/2009, at 11:02, Noel Jones <njo...@megan.vbhcs.org> wrote:


David Cottle wrote:

smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client b.barracudacentral.org
I would have used this but in the postfix documentation it never
showed the use of check_sender_access in smtpd_client_restrictions
So I assume this is correct now?



You were also supposed to remove cbl.abuseat.org; it's included in  
the zen lookup.



One further suggestion - you may want to move your backscatter and  
spamcannibal checks to smtpd_data_restrictions to be compatible with  
the few services that do sender verification callbacks.


Other than that, yes, this looks reasonable.


As for the unknown, could selinux be stopping postfix from using the
DNS?  The DNS works as it serves out the DNS for the hosted domains.
Feb  9 22:31:55 server postfix/smtpd[25015]: connect from
unknown[189.6.3.109]
Yet I do a prompt from the server and reverse lookup the IP I get the
name..



SELinux is the usual suspect.  Turn it off and see what happens.  If  
that's not it, the second guess is an incomplete chroot jail.



If this doesn't help you get it fixed, start a new message thread  
for the new problem.  Include your "postconf -n" output and logging  
demonstrating the problem.



--
Noel Jones


Hi Noel,

Many thanks for your help!


I will pull the cbl.abuseat.org did not know it's in zen - that is a  
comprehensive rbl!



If I move my check_xxx routines to the smtpd_data_restrictions, is  
this still called up as a check_sender_access?



So I also assume that smtpd_data_ restrictions does what it does now  
in smtpd_client_restrictions with the additional sender verification  
callbacks?



Also no need running a whitelist in smptd_data_restrictions as my  
routines only look for <>, postmaster and MAILER_DAEMON


Thanks again!
David























					Reply via email to