check_recipient_access doesn't seem to work
From: Alex Palenschat (alex@nssmgmt.com)
Date: Thu Jul 27 2006 - 16:28:55 CDT
I recently installed and configured Postfix from RPM and was able to get
it working as MTA for some backend servers. I followed many of the
suggestions here:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
which is where many of my smtpd_*_restrictions and strategy came from.
But I did follow some other howtos and perhaps I have confused the
issue. My understanding is that all of the lookups/checks done in a
given smtpd restriction class are evaluated in order and that at a match
it stops evaluation of the rest of the checks in that class and goes to the
next class. Most of this seems to work, but for some reason my
postmaster@ and abuse@ entries in the recipient_checks.pcre file don't
seem to be doing that.
I am seeing mail to those addresses being caught by check_helo_access
and the spamassassin filter. Otherwise everything seems to be working
without problem.
Thanks in advance for any help.
Log:
[root@brutus ~]# grep "to=<postmaster" /var/log/maillog | more
Jul 27 09:04:52 brutus postfix/smtpd[21169]: NOQUEUE: reject: RCPT from unknown[61.76.121.14]: 504 <HWANG>: Helo command rejected: need fully-qualified hostname; from=<areawaydelegable@scientist.com> to=<postmaster@domain.tld> proto=ESMTP helo=<HWANG>
<snip>
Jul 27 10:58:50 brutus postfix/smtp[21965]: BE9FCD2C0E9: to=<postmaster@domain.tld>, relay=127.0.0.1[127.0.0.1], delay=3, status=sent (250 2.7.1 Ok, discarded, UBE, id=21997-02)
[root@brutus ~]# tail /etc/postfix/recipient_checks.pcre
/^\@/ 550 Invalid address format.
/[!%\@].*\@/ 550 This server disallows weird address syntax.
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
[root@brutus ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:127.0.0.1:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mynetworks = 127.0.0.0/8 192.168.0.0/20
myorigin = domain.tld
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
receive_override_options = no_address_mappings
relay_domains = <snip>
sample_directory = /usr/share/doc/postfix-2.1.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_unknown_recipient_domain, check_recipient_mx_access
hash:/etc/postfix/mx_access permit_mynetworks,
reject_unauth_destination, check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre, check_helo_access
hash:/etc/postfix/helo_checks, check_sender_access
hash:/etc/postfix/sender_checks, check_client_access
hash:/etc/postfix/client_checks, reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
check_policy_service inet:127.0.0.1:10023, permit
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
[root@brutus ~]# postconf -m
static
sdbm
cidr
pcre
nis
regexp
environ
proxy
ldap
btree
unix
hash
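
Added example (not part of the original post and not Postfix code): a simplified Python model of first-match evaluation over the smtpd_recipient_restrictions order shown above, run against the rejected log entry. The check functions are hypothetical simplifications, and RELAY_DOMAINS is an assumption because relay_domains is snipped in the post.

```python
import ipaddress
import re

# Patterns as in recipient_checks.pcre; pcre tables are case-insensitive by default.
RECIPIENT_CHECKS = [
    (r"^\@", "550 Invalid address format."),
    (r"[!%\@].*\@", "550 This server disallows weird address syntax."),
    (r"^postmaster\@", "OK"), (r"^hostmaster\@", "OK"), (r"^abuse\@", "OK"),
]
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/20"]  # from postconf -n in the post
RELAY_DOMAINS = {"domain.tld"}  # assumption: relay_domains is snipped in the post

def non_fqdn_hostname(s):  # simplified: a HELO name without a dot is not an FQDN
    return "DUNNO" if "." in s["helo"] else "504 need fully-qualified hostname"

def mynetworks(s):
    ip = ipaddress.ip_address(s["client"])
    return "OK" if any(ip in ipaddress.ip_network(n) for n in MYNETWORKS) else "DUNNO"

def unauth_destination(s):
    domain = s["rcpt"].rpartition("@")[2].lower()
    return "DUNNO" if domain in RELAY_DOMAINS else "554 Relay access denied"

def recipient_access(s):
    for pattern, action in RECIPIENT_CHECKS:
        if re.search(pattern, s["rcpt"], re.IGNORECASE):
            return action
    return "DUNNO"

# Order copied from smtpd_recipient_restrictions in the post. Entries that need
# DNS, hash maps or the policy daemon are not modelled and never decide here.
ORDER = """reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender
reject_non_fqdn_recipient reject_unknown_sender_domain check_sender_mx_access
reject_unknown_recipient_domain check_recipient_mx_access permit_mynetworks
reject_unauth_destination check_recipient_access check_helo_access
check_sender_access check_client_access reject_rbl_client check_policy_service""".split()
MODELLED = {"reject_non_fqdn_hostname": non_fqdn_hostname, "permit_mynetworks": mynetworks,
            "reject_unauth_destination": unauth_destination,
            "check_recipient_access": recipient_access}

def evaluate(session):
    """Return (restriction, result) for the first restriction that decides."""
    for name in ORDER:
        result = MODELLED[name](session) if name in MODELLED else "DUNNO"
        if result != "DUNNO":
            return name, result
    return "permit", "OK"

LOGGED = {"client": "61.76.121.14", "helo": "HWANG", "rcpt": "postmaster@domain.tld"}  # from the log
FQDN_HELO = dict(LOGGED, client="203.0.113.5", helo="mail.example.org")  # constructed
```

In this model evaluate(LOGGED) stops at reject_non_fqdn_hostname, which sits ahead of check_recipient_access in the list, while evaluate(FQDN_HELO) reaches the postmaster@ OK entry. An OK from the access table ends only this restriction list; content_filter is a separate main.cf setting.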