On 4/26/2011 11:51 AM, Fire walls wrote:
> On Tue, Apr 26, 2011 at 6:16 AM, Noel Jones <[email protected]> wrote:
>> On 4/26/2011 3:00 AM, Fire walls wrote:
>>> I had been reading the Postfix manuals and info from the Internet. I'm running a spam server with FreeBSD 8.2 + Postfix 2.8.x, single domain.
>>>
>>> Internet --> spam server --> mail server --> Internal Network.
>>>
>>> The gateway is working, but I'm still making changes to block most of the spam that touches my server. I'm working right now just with Postfix; later I will continue with clamais, amavis, sa.
>>>
>>> Now, I want to use the smtpd_recipient_restrictions -> reject_rbl_client blackholes. I want to enable zen spamhaus org. But once I reload or restart Postfix, the function of this feature is to check if the from is in the list, right?
>>>
>>> smtpd_recipient_restrictions =
>>>     permit_mynetworks,
>>>     reject_unauth_destination,
>>>     reject_non_fqdn_hostname,
>>>     reject_non_fqdn_sender,
>>>     reject_non_fqdn_recipient,
>>>     reject_invalid_hostname,
>>>     reject_non_fqdn_helo_hostname,
>>>     reject_unknown_sender_domain,
>>>     reject_unknown_recipient_domain,
>>>     check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
>>>     check_helo_access hash:/usr/local/etc/postfix/helo_checks,
>>>     check_sender_access hash:/usr/local/etc/postfix/sender_checks,
>>>     check_client_access hash:/usr/local/etc/postfix/client_checks,
>>>     reject_rbl_client zen spamhaus org,
>>
>> It must have periods in it,
>>     reject_rbl_client zen.spamhaus.org
>> Without the periods it will create an error in your maillog. If there is no error, then either this isn't the config you're really using, or one of your earlier rules is returning OK or permit.
>
> My settings have periods, I just removed them from here, sorry:
>     reject_rbl_client zen.spamhaus.org
>     check_policy_service inet:192.168.40.5:10023
>
>>>     check_policy_service inet:192 168 40 5:10023,
>>
>> Does this policy service work as expected? It doesn't have any periods in the IP address and should also generate an error.
>
> Yes, it works.
>
>>>     permit
>>>
>>> But my log doesn't show any info about when Postfix checks spamhaus, and my fw won't show any blocks.
>>
>> Next time show us "postconf -n" output rather than random snippings.
>>
>> Enable query logging in your DNS server to see if spamhaus.org lookups are being performed.
>
> If I test the domain in my DNS server, it resolves without issue.
>     dig spamhaus.org
>
>>> Next, for a gateway spam server, is the _rbl_client better placed in smtpd_recipient_restrictions?
>>
>> Most people put it in smtpd_recipient_restrictions, just after reject_unauth_destination and an optional check_client_access whitelist.
>>
>> smtpd_recipient_restrictions =
>>     permit_mynetworks
>>     reject_unauth_destination
>>     # uncomment next line if you need a client whitelist
>>     # check_client_access cidr:/etc/postfix/client_whitelist.cidr
>>     reject_rbl_client zen.spamhaus.org
>>     ... other local restrictions ...
>>
>> where the optional client_whitelist contains IPs of clients you want mail from that might otherwise be rejected by zen (or other local rules).
>>
>> -- Noel Jones
>
> I want to add that I can receive mail from known outside users and they pass all the rules, but I never see my server check spamhaus.org. Or does my default log level not show them?
>
> Peter
>
> I will remove some checks, I have a lot. Thanks!!!
>
> -- :-)

Postfix does not log successful rbl checks. The spamhaus site describes the procedure to check their service using dig or host. Turn on query logging in your DNS server to verify that postfix is performing the rbl lookups.

If you have more questions, don't waste your and others' time posting inaccurate and incomplete information.

http://www.postfix.org/DEBUG_README.html#mail

-- Noel Jones
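
What to look for in the DNS query log, as an added example that is not part of the original thread: a DNSBL lookup queries the connecting client's address reversed and prefixed to the zone, so a lookup of plain spamhaus.org does not show that reject_rbl_client ran. The function names and the BIND-style log line format are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re

ZONE = "zen.spamhaus.org"  # the zone named in the thread

def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the DNSBL query name for a client: reversed address + zone (RFC 5782)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # octet by octet
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # nibble by nibble
    return ".".join(labels) + "." + zone

def client_from_query(qname, zone=ZONE):
    """Recover the client IP from a query name, or None if it is not a DNSBL lookup."""
    qname = qname.rstrip(".").lower()
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    labels = qname[:-len(suffix)].split(".")[::-1]
    try:
        if len(labels) == 4:
            return str(ipaddress.IPv4Address(".".join(labels)))
        if len(labels) == 32:
            h = "".join(labels)
            groups = ":".join(h[i:i + 4] for i in range(0, 32, 4))
            return str(ipaddress.IPv6Address(groups))
    except ValueError:
        pass
    return None

# Constructed sample lines; the query-log layout is an assumption, adjust the regex to yours.
SAMPLE_LOG = """\
26-Apr-2011 12:01:07.101 client 127.0.0.1#40112: query: 2.0.0.127.zen.spamhaus.org IN A +
26-Apr-2011 12:01:09.553 client 127.0.0.1#40113: query: spamhaus.org IN A +
26-Apr-2011 12:02:15.020 client 127.0.0.1#40120: query: 10.113.0.203.zen.spamhaus.org IN A +
"""

def rbl_lookups(log_text, zone=ZONE):
    """Return the client IPs for which a DNSBL A lookup in `zone` appears in the log."""
    found = []
    for line in log_text.splitlines():
        m = re.search(r"query: (\S+) IN A\b", line)
        ip = client_from_query(m.group(1), zone) if m else None
        if ip:
            found.append(ip)
    return found

if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test entry (RFC 5782)
    print(dnsbl_query_name("127.0.0.2"))
    print(rbl_lookups(SAMPLE_LOG))
```

If the list returned for your real query log stays empty while mail is arriving from outside, an earlier restriction is returning OK or permit before reject_rbl_client is reached.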
