I ma getting some backscatter problems lately.
I used to have the line:
reject_unknown_reverse_client_hostname,
in my smtpd_client_restrictions but I commented it out because an important
client is on a microsoft cloud and had been having problems sending mail to
us.
Would adding the reject_unknown_reverse_client_hostname help with the
backscatter? If it does, is there any other way to deal with these microsoft
clouds and their screwed up reverse DNS?
I am not a mialguy, our mailguy was downsized along with all the other tech
staff except me. I write all the code here, but I have been lurking on this
list for over a year.
Thanks a bunch,
Mike
My postconf dump is below:
alias_database = $alias_maps
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 180s
biff = no
body_checks = pcre:$config_directory/pcre.body_checks
body_checks_size_limit = 1572864
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
default_privs = nobody
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
fast_flush_domains =
header_checks = pcre:$config_directory/pcre.header_checks
html_directory = /usr/local/share/doc/postfix
in_flow_delay = 1s
inet_interfaces = $myhostname, localhost
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 67108864
milter_default_action = accept
mime_header_checks = pcre:$config_directory/pcre.mime_header_checks
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = mailhost.intelacom.com
mynetworks = 162.42.195.80, 162.42.195.41, 162.42.195.148,162.42.195.134,
162.42.195.135, 162.42.195.136, 75.127.176.42, 75.127.176.43, 75.127.176.44,
127.0.0.1
myorigin = $myhostname
nested_header_checks =
newaliases_path = /usr/local/bin/newaliases
notify_classes = 2bounce, delay, resource, software
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
$virtual_mailbox_domains $virtual_mailbox_maps $virtual_alias_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_domains = cdb:$config_directory/cdb.relay_domains
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 20
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 30
smtpd_client_connection_rate_limit = 50
smtpd_client_port_logging = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_recipient_access pcre:$config_directory/pcre.whitelist_allow,
warn_if_reject reject_unknown_client_hostname, warn_if_reject
reject_rbl_client bl.spamcop.net, warn_if_reject reject_rbl_client
psbl.surriel.com, reject_rbl_client zen.spamhaus.org,
reject_rhsbl_reverse_client dbl.spamhaus.org
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_end_of_data_restrictions = check_policy_service unix:private/checkquota
smtpd_error_sleep_time = ${stress?1s}${stress:5s}
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_recipient_access pcre:$config_directory/pcre.whitelist_allow,
check_helo_access pcre:$config_directory/pcre.helo_access,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rhsbl_helo
dbl.spamhaus.org
smtpd_junk_command_limit = ${stress?1}${stress:50}
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_recipient_limit = 300
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_mx_access
cidr:$config_directory/cidr.sender_mx_access, check_sender_mx_access cdb:
$config_directory/cdb.sender_mx_access, check_recipient_access pcre:
$config_directory/pcre.whitelist_allow, reject_rhsbl_sender dbl.spamhaus.org
smtpd_soft_error_limit = ${stress?5}${stress:10}
smtpd_timeout = ${stress?10s}${stress:120s}
smtpd_tls_cert_file = /etc/ssl/mailhost.pem
smtpd_tls_key_file = /etc/ssl/mailhost.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:
$data_directory/smtpd_tls_session_cache
soft_bounce = no
spamass_destination_recipient_limit = 1
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = cdb:$config_directory/cdb.transport_maps
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/virtual_alias_maps.cf
proxy:mysql:$config_directory/virtual_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:
$config_directory/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/virtual_mailbox_maps.cf
virtual_transport = dovecot
--
Mike McGinn KD2CNU
Ex Uno Plurima
No electrons were harmed in sending this message, some were inconvenienced.
** Registered Linux User 377849
