On Mon, Aug 07, 2017 at 03:38:59PM +0200, Benny Pedersen wrote: > Voytek skrev den 2017-08-07 15:19: > > > thanks for other comments, I'll read in detail tomorrow > > > > (1) > > Aug 6 22:12:48 emu postfix/smtpd[24963]: NOQUEUE: reject: RCPT > > from sydney.sge.net[152.91.65.147]: 554 5.7.1 Service > > unavailable; Client host [152.91.65.147] blocked using > > b.barracudacentral.org; Client host blocked using Barracuda > > Reputation, see > > http://www.barracudanetworks.com/reputation/?r=1&ip=152.91.65.147; > > from=<> to=<k...@dom.com.au> proto=ESMTP helo=<sydney.sge.net> > > https://www.dnswl.org/s/?s=36576 > > i noticed you did not use dns based whitelist at all, not that you > need to, but sometimes ips being fp listed aswell
DNS whitelisting and postscreen, as Benny suggested, are good bits of advice, but they of course were not available that many years ago. Postfix 2.1 saw its final update over 12 years ago. That's a very long time in terms of software. You simply cannot expect to continue using Postfix 2.1 in this decade. The best (albeit partial) solution is to upgrade. That said, check_client_access did exist Way Back Then. Precede your DNSBL lookups with this check_client_access lookup: sydney.sge.net permit_auth_destination I don't think the cidr: maptype was implemented back then, but a cidr_table(5) is a good way to do check_client_access without (as per my example) relying on reverse DNS lookups. Much better tools have existed for a very long time! -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
