|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ralf Hildebrandt (Ralf.Hildebrandt
charite.de)
Date: Fri Apr 18 2008 - 00:57:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* TechTalk <techtalkanthemfx.com>:
> Hi
>
> Some users on my mail system are reporting that their mail is being
> blocked and returned with the "553
> Open mailing script " error.
You probably have a webserver on that box that has a scrip, which can
be exploited for sending out spam. Correlate your apache and postfix
logs.
Find peaks in traffic, find the URL.
> Full error message below. I've gone to the unblock website to request
> we be unblocked, but is there a way to ensure that my postfix system
> (Mac OS X 10.3.9, postfix 2.0.10). I've got the "The book of Postfix"
> and while mostly lurking on this list I have tried to implement
> stringent anti-spam controls through appropriate smtp restrictions.
Won't help if a script invokes sendmail.
> maps_rbl_domains = zen.spamhaus.org
Deprecated. Use reject_rbl_client zen.spamhaus.org
> smtpd_client_restrictions = hash:/etc/postfix/
> smtpdreject,reject_rbl_client cbl.abuseat.org,reject_maps_rbl
See, there you already have reject_rbl_client.
Make that
smtpd_client_restrictions =
hash:/etc/postfix/smtpd
reject_rbl_client zen.spamhaus.org
... since ZEN includes cbl.abuseat.org
> smtpd_recipient_restrictions = permit_sasl_authenticated
> ,permit_mynetworks,reject_unauth_destination,permit
Shorten to:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
> smtpd_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender
> ,reject_unknown_sender_domain,reject_rhsbl_sender dsn.rfc-
> ignorant.org,permit
> smtpd_tls_loglevel = 0
> smtpd_use_pw_server = yes
> smtpd_use_tls = no
> unknown_local_recipient_reject_code = 550
>
>
>
--
Ralf Hildebrandt (Ralf.Hildebrandtcharite.de) snickebocharite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Ich bin nicht Deutschland. Ich bin einkaufen. -- F. Eckenga
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]