On Tue, Apr 26, 2011 at 11:43 AM, Noel Jones <[email protected]> wrote:
> On 4/26/2011 11:51 AM, Fire walls wrote:
>
>> On Tue, Apr 26, 2011 at 6:16 AM, Noel Jones <[email protected]> wrote:
>>
>>     On 4/26/2011 3:00 AM, Fire walls wrote:
>>
>>         Had been reading a postfix manuals and info from Internet.
>>
>>         I'm running spam server with FreeBSD 8.2 + Postfix 2.8.x,
>>         single domain.
>>
>>         Internet -->spam server--> mail server -->Internal Network.
>>
>>         The gateway is working, but I'm still doing changes to block
>>         most of the spam that touch my server, I'm working right now
>>         just with Postfix, later I will continue with
>>         clamais, amavis, sa.
>>
>>         Now, I want to use the smtpd_recipient_restrictions ->
>>         reject_rbl_client blackholes.
>>
>>         I want to enable zen spamhaus org
>>
>>         But once I reload or restart Postfix, the function of this
>>         feature is to check if the from is in the list right?
>>
>>         smtpd_recipient_restrictions =
>>             permit_mynetworks,
>>             reject_unauth_destination,
>>             reject_non_fqdn_hostname,
>>             reject_non_fqdn_sender,
>>             reject_non_fqdn_recipient,
>>             reject_invalid_hostname,
>>             reject_non_fqdn_helo_hostname,
>>             reject_unknown_sender_domain,
>>             reject_unknown_recipient_domain,
>>             check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
>>             check_helo_access hash:/usr/local/etc/postfix/helo_checks,
>>             check_sender_access hash:/usr/local/etc/postfix/sender_checks,
>>             check_client_access hash:/usr/local/etc/postfix/client_checks,
>>             reject_rbl_client zen spamhaus org,
>>
>>     It must have periods in it,
>>
>>         reject_rbl_client zen.spamhaus.org
>>
>>     Without the periods it will create an error in your maillog. If
>>     there is no error, then either this isn't the config you're
>>     really using, or one of your earlier rules is returning OK or
>>     permit.
>>
>> My settings have periods, I just removed them from here, sorry:
>>
>> reject_rbl_client zen.spamhaus.org
>>
>> check_policy_service inet:192.168.40.5:10023
>>
>>             check_policy_service inet:192 168 40 5:10023,
>>
>>     Does this policy service work as expected? It doesn't have any
>>     periods in the IP address and should also generate an error.
>>
>> Yes, works.
>>
>>             permit
>>
>>         But my log doesn't show any info about when postfix checks
>>         spamhaus, my fw won't show any blocks.
>>
>>     Next time show us "postconf -n" output rather than random
>>     snippings.
>>
>>     Enable query logging in your DNS server to see if spamhaus.org
>>     lookups are being performed.
>>
>> If I test the domain in my DNS server, it resolves without issue.
>>
>> dig spamhaus.org
>>
>>         Next, for a gateway spam server, the _rbl_client is better
>>         to be in the smtpd_recipients_restrictions?
>>
>>     Most people put it in smtpd_recipient_restrictions, just after
>>     reject_unauth_destination and an optional check_client_access
>>     whitelist.
>>
>>     smtpd_recipient_restrictions =
>>       permit_mynetworks
>>       reject_unauth_destination
>>     # uncomment next line if you need a client whitelist
>>     #  check_client_access cidr:/etc/postfix/client_whitelist.cidr
>>       reject_rbl_client zen.spamhaus.org
>>       ... other local restrictions ...
>>
>>     where the optional client_whitelist contains IPs of clients you
>>     want mail from that might otherwise be rejected by zen (or other
>>     local rules).
>>
>>       -- Noel Jones
>>
>> I want to add, that I can receive mails from known outside users and
>> they pass all the rules but never see my server check the
>> spamhaus.org or my default log level won't show them?
>>
>> Peter I will remove some checks, I have a lot.
>>
>> Thanks!!!
>>
>> --
>> :-)
>
> Postfix does not log successful rbl checks. The spamhaus site describes
> the procedure to check their service using dig or host. Turn on query
> logging in your DNS server to verify that postfix is performing the rbl
> lookups.
>
> If you have more questions, don't waste your and others' time posting
> inaccurate and incomplete information.
> http://www.postfix.org/DEBUG_README.html#mail
>
>   -- Noel Jones

Sorry Sr.

--
:-)
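
An added example, not part of the thread: one way to follow the advice above and confirm from a DNS query log that Postfix is really performing the rbl lookups. It assumes only that each log line contains the queried name; the sample lines are constructed in a BIND-like style with documentation IP addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

ZONE = "zen.spamhaus.org"  # DNSBL zone named in the thread

def dnsbl_name(client_ip, zone=ZONE):
    """Name queried for an IPv4 client: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def checked_clients(log_lines, zone=ZONE):
    """Count, per SMTP client IP, the DNSBL queries for `zone` in a query log."""
    # Exactly four numeric labels directly in front of the zone, and nothing
    # after the zone, so lookalikes such as zen.spamhaus.org.example.net fail.
    pat = re.compile(r"(?<![\w.-])((?:\d{1,3}\.){4})" + re.escape(zone)
                     + r"\.?(?![\w.-])", re.I)
    seen = Counter()
    for line in log_lines:
        # Some log formats repeat the name on one line; count it once.
        for rev in {m.group(1) for m in pat.finditer(line)}:
            octets = rev.rstrip(".").split(".")
            try:
                ip = ipaddress.IPv4Address(".".join(reversed(octets)))
            except ValueError:  # e.g. a label above 255
                continue
            seen[str(ip)] += 1
    return seen

# Constructed sample log (not real traffic). The plain "spamhaus.org" query
# mirrors the "dig spamhaus.org" test: it resolves, but is not an rbl lookup.
SAMPLE_LOG = """\
26-Apr-2011 11:40:01.101 client 127.0.0.1#53211: query: 9.2.0.192.zen.spamhaus.org IN A +
26-Apr-2011 11:40:07.550 client 127.0.0.1#40112: query: mail.example.com IN MX +
26-Apr-2011 11:41:13.002 client 127.0.0.1#53390: query: 77.113.0.203.zen.spamhaus.org IN A +
26-Apr-2011 11:42:30.914 client 127.0.0.1#53412: query: 9.2.0.192.zen.spamhaus.org IN A +
26-Apr-2011 11:43:00.000 client 127.0.0.1#41000: query: spamhaus.org IN A +
""".splitlines()

if __name__ == "__main__":
    hits = checked_clients(SAMPLE_LOG)
    if not hits:
        print(f"no {ZONE} lookups seen: reject_rbl_client is not being reached")
    for ip, n in hits.most_common():
        print(f"{ip}: {n} lookup(s) as {dnsbl_name(ip)}")
```

An empty result while mail is arriving points back to the earlier diagnosis in the thread: either the running configuration differs from the one posted, or an earlier restriction returns OK or permit before reject_rbl_client is evaluated.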
