On 4/26/2011 3:00 AM, Fire walls wrote:

   I have been reading the Postfix manuals and info from the Internet.

   I'm running spam server with FreeBSD 8.2 + Postfix 2.8.x,
single domain.

   Internet -->spam server--> mail server -->Internal Network.

   The gateway is working, but I am still making changes to block
most of the spam that touches my server. I'm working right now
just with Postfix; later I will continue with clamais, amavis, sa.

   Now, I want to use the smtpd_recipient_restrictions ->
reject_rbl_client blackholes.

I want to enable zen spamhaus org

   But once I reload or restart Postfix, the function of this
feature is to check if the from is in the list, right?

smtpd_recipient_restrictions =
         permit_mynetworks,
         reject_unauth_destination,
         reject_non_fqdn_hostname,
         reject_non_fqdn_sender,
         reject_non_fqdn_recipient,
         reject_invalid_hostname,
         reject_non_fqdn_helo_hostname,
         reject_unknown_sender_domain,
         reject_unknown_recipient_domain,
         check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
         check_helo_access hash:/usr/local/etc/postfix/helo_checks,
         check_sender_access hash:/usr/local/etc/postfix/sender_checks,
         check_client_access hash:/usr/local/etc/postfix/client_checks,
         reject_rbl_client zen spamhaus org,

It must have periods in it,
         reject_rbl_client zen.spamhaus.org

Without the periods it will create an error in your maillog. If there is no error, then either this isn't the config you're really using, or one of your earlier rules is returning OK or permit.


         check_policy_service inet:192 168 40 5:10023,

Does this policy service work as expected? It doesn't have any periods in the IP address and should also generate an error.

         permit

But my log doesn't show any info about when Postfix checks
spamhaus; my fw won't show any blocks.

Next time show us "postconf -n" output rather than random snippings.

Enable query logging in your DNS server to see if spamhaus.org lookups are being performed.


Next, for a gateway spam server, is the _rbl_client better placed
in smtpd_recipient_restrictions?

Most people put it in smtpd_recipient_restrictions, just after reject_unauth_destination and an optional check_client_access whitelist.

smtpd_recipient_restrictions =
  permit_mynetworks
  reject_unauth_destination
# uncomment next line if you need a client whitelist
# check_client_access cidr:/etc/postfix/client_whitelist.cidr
  reject_rbl_client zen.spamhaus.org
  ... other local restrictions ...


where the optional client_whitelist contains IPs of clients you want mail from that might otherwise be rejected by zen (or other local rules).


  -- Noel Jones
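
Added example, not part of the original thread and not Postfix code: a small Python lint for the two problems pointed out in the reply (a DNSBL zone or policy-service address written without periods, and an access map that sits ahead of `reject_rbl_client`), plus the DNS name a zen lookup would use so it can be matched against DNS query logs. The function names and the one-restriction-per-line parsing are assumptions of this sketch; Postfix itself also accepts whitespace-separated lists.

```python
import ipaddress
import re

# Constructed sample: a shortened copy of the list as posted, periods missing.
POSTED = """
reject_unauth_destination,
check_client_access hash:/usr/local/etc/postfix/client_checks,
reject_rbl_client zen spamhaus org,
check_policy_service inet:192 168 40 5:10023,
permit
"""
HOSTNAME = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def dnsbl_query_name(client_ip, zone="zen.spamhaus.org"):
    """DNS name queried for an IPv4 client: reversed octets, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def valid_inet_endpoint(arg):
    """True for inet:host:port; an all-numeric host must be a valid IPv4."""
    m = re.fullmatch(r"inet:([^:\s]+):(\w+)", arg)
    if not m:
        return False
    octets = m.group(1).split(".")
    if all(o.isdigit() for o in octets):
        return len(octets) == 4 and all(int(o) <= 255 for o in octets)
    return True

def lint_restrictions(value):
    """Return (entry, note) pairs. Assumes one restriction per line."""
    findings, access_maps = [], []
    for raw in re.split(r"[,\n]", value):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        name, *args = entry.split()
        if re.fullmatch(r"check_\w+_access", name):
            access_maps.append(name)
        elif name == "reject_rbl_client":
            # Strip an optional "=d.d.d.d" reply filter before checking the zone.
            if len(args) != 1 or not HOSTNAME.match(args[0].split("=")[0]):
                findings.append((entry, "DNSBL zone is not a dotted domain"))
            if access_maps:
                findings.append((entry, "earlier access map may return OK"))
        elif name == "check_policy_service":
            if len(args) != 1 or (args[0].startswith("inet:")
                                  and not valid_inet_endpoint(args[0])):
                findings.append((entry, "policy service endpoint malformed"))
    return findings
```

`dnsbl_query_name("127.0.0.2")` gives the name for the conventional DNSBL test address; if that name never appears in the resolver's query log while mail is arriving, the restriction is not being reached.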
