K bharathan schrieb:
> hi all
> my relay smtp out got listed with backscatterer.org
> <http://backscatterer.org>; the following is my postconf:
> 
> alias_maps = hash:/etc/aliases
> biff = no
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisd-new:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> html_directory = /usr/share/doc/packages/postfix23/html
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps =
> local_transport = error:local mail delivery is disabled
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 25600000
> mydestination =
> myhostname = smtp.example.com <http://smtp.example.com>
> mynetworks = 192.168.1.0/24 <http://192.168.1.0/24>    192.168.20.0/24
> <http://192.168.20.0/24> 127.0.0.0/8 <http://127.0.0.0/8>
> mynetworks_style = subnet
> myorigin = example.com <http://example.com>
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix23/README_FILES
> relay_domains =
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix23/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_client_restrictions =
> 
> smtpd_data_restrictions =
> reject_multi_recipient_bounce
> reject_unauth_pipelining       
> permit
> 
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient       
> reject_non_fqdn_sender 
> reject_unknown_sender_domain   
> reject_unknown_recipient_domain     
> permit_mynetworks      
> reject_unauth_destination      
> 
> check_recipient_access hash:/etc/postfix/roleaccount_exceptions     
> reject_non_fqdn_hostname       
> reject_invalid_hostname
> check_helo_access pcre:/etc/postfix/helo_checks     
> reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org> permit
> smtpd_sasl_auth_enable = no
> 
> smtpd_sender_restrictions =
> check_sender_access hash:/etc/postfix/mydomains     
> check_recipient_access hash:/etc/postfix/allowed_forwards   
> reject_unauth_destination
> smtpd_use_tls = no
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> 
> the server got a list of  domains (those domains mail servers use this
> server as relayhost)to relay out and does only smtp out; what could be
> wrong in the above config; appreciate ur assistance upon this

thats the reason, guess your relay clients get lots of i.e spam/virus
mail,perhaps they bounce after allready got the mail for nonexistent
domains/mailaccounts etc ( do they have catch alls, buggy virus
solutions , such are mail the faked sender for info by marking mail as
spam , virus etc? ) vacations and other nonsense in, and deliver out
over your relay
look your logs,do analyze, filter spam/virus etc before send out
perhaps dont relay by ip, use sasl auth to restrict relay clients
to mail domains which your relay has i.e mx delegated
After all its easy to get on that rbl, dont be to much afraid of it, but
look out for systematic setup bugs of your clients by looking at your logs,
perhaps set hold outgoing mails for that a few hours, dont accept
mails from nonexisting domains from clients etc, listing can have many
reasons

> 
> thanks
> 
> -bharathan
> 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Reply via email to