On Tuesday 28 July 2009 05:11:05 Hervé Hénoch wrote:
> 1) I want to use sasl in order to send mail outside my LAN. The
> authentification run well. But I was stopped by zen.spamhaus.org because
> my FAI have registered dynamic adresses
> in this site.
>
> I don't understand why because permit_sasl_authenticated is always the
> second line !!!
>
> 2) The same thing happen with reject_non_fqdn_hostname : my home
> computer doesn't have a fqdn and permit_sasl_authenticated is the second
> line !!!
>
> Here are the restrictions in my main.cf :
While it is nice to see the well-formatted lines below, this could be
yet another case of why "postconf -n" is preferred. One possibility is
that smtpd_relay_reject is no, and a reject_rbl_client check is being
done prior to AUTH.
I'm sure that logs and postconf -n will tell the whole story.
> smtpd_helo_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> #check_helo_access hash:/usr/local/etc/postfix/helo_access,
> #warn_if_reject,
> reject_invalid_helo_hostname,
> reject_non_fqdn_hostname,
> permit
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> permit
>
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_pipelining,
reject_unauth_pipelining does nothing at this point unless you have
"smtpd_relay_reject = no".
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client zen.spamhaus.org,
I suppose you're aware that CBL is included in Zen with a very slight
lag. Some sites query CBL first to potentially reduce their number of
Spamhaus queries, or to address the issue of that lag.
> permit
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
