|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: A Question About "check_client_access"
From: mouss (usebsd
free.fr)
Date: Wed Oct 12 2005 - 16:10:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Rich Shepard a écrit :
> Oct 11 14:55:46 salmo postfix/smtpd[32521]: connect from
> unknown[61.84.170.21]
> Oct 11 14:55:57 salmo postfix/smtpd[32521]: B6FC8DCA:
> client=unknown[61.84.170.21]
> Oct 11 14:56:00 salmo postfix/smtpd[32521]: disconnect from
> unknown[61.84.170.21]
>
> The output from 'postconf -n':
finally!! I thought you'll never do that:) (just kidding of course).
>
> smtpd_recipient_restrictions =
> check_client_access hash:/etc/postfix/internal_network
make sure this one doesn't allow the cited client.
> check_sender_access hash:/etc/postfix/not_our_domain_as_sender
verify that this doesn't whitelist anyone
> reject_non_fqdn_recipient reject_non_fqdn_sender
> reject_unknown_sender_domain
> reject_unknown_recipient_domain
> permit_mynetworks
(of course, 61.81.170.21 isn't in your network)
> reject_unauth_destination
> check_recipient_access hash:/etc/postfix/roleaccount_exceptions
I guess this doesn't whitelist your email address.
> check_recipient_access hash:/etc/postfix/recipients
nor this
> check_helo_access pcre:/etc/postfix/helo_checks
check this twice or more. check it with helo=216.99.206.23.
If I were you, I'd just reject naked IP helo's. and since you do
reject_non_fqdn_hostname, I see no reason to accept naked IPs in helo.
> reject_non_fqdn_hostname
> reject_invalid_hostname
> check_sender_mx_access cidr:/etc/postfix/bogus_mx
I guess this only returns REJECT (never OK)?
> check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions
make sure this doesn't allow the spammer.
> reject_rhsbl_sender dsn.rfc-ignorant.org
> reject_rbl_client sbl-xbl.spamhaus.org
> reject_rbl_client relays.ordb.org
> reject_rbl_client bl.spamcop.net
> reject_rbl_client list.dsbl.org
> check_sender_access hash:/etc/postfix/common_spam_senderdomains
I guess this only returns REJECT.
> check_client_access hash:/etc/postfix/badip
> check_client_access hash:/etc/postfix/badaddr
> check_sender_access hash:/etc/postfix/badaddr
> permit
> smtpd_restriction_classes = has_our_domain_as_sender
when is this called (which map from the above) and how it is defined?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]