Re: Client Blacklist Not Working

From: Charles Marcus (CMarcusMedia-Brokers.com)
Date: Fri Apr 18 2008 - 14:38:53 CDT


On 4/18/2008 11:18 AM, Carlos Williams wrote:
> I am getting some emails from [162.83.95.167] so I decided to create
> /etc/postfix/client_blacklist with a single entry:
>
> 162.83 554 spam
>
> I am guessing this is blocking the entire class b (which is fine)

Pretty heavy handed, but it is your server...

> I checked to make sure it's configured in main.cf and I see it listed
> below:

*Assuming* (all I can do since you didn't follow instructions and
provided copy/paste from main.cf instead of output of postconf -n) that
this is indeed what you are using...

> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> check_client_access dbm:/etc/postfix/client_blacklist,
> check_sender_access hash:/etc/postfix/access,
> check_policy_service inet:127.0.0.1:12525,
> reject_non_fqdn_recipient,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_destination,

Move this last one (reject_unauth_destination) up so it is just below
'permit_sasl_authenticated' - this will prevent errors in any of your
maps from making you an open relay (thanks mouss), and prevent
unnecessary DNS queries on messages you will reject later anyway...

> reject_unauth_pipelining,

This is only effective in smtpd_data_restrictions (remove it or move it
there)...

> reject_unlisted_recipient,
> reject_unverified_sender,

This is really a bad idea - and will get you blacklisted in a worst case
scenario - unless you have an agreement with every server you will be
hammering with your verifications...

--

Best regards,

Charles
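
Added example (not part of the original message, and not Postfix code): a simplified Python model of first-match evaluation in smtpd_recipient_restrictions, showing why the position of reject_unauth_destination matters when an access map returns OK. The map contents, addresses, domains and the domain-only sender lookup are assumptions made for illustration.

```python
# Simplified model of a walk through smtpd_recipient_restrictions: each
# restriction yields OK, REJECT or DUNNO; the first OK or REJECT ends the walk.
# All addresses, domains and map contents below are constructed samples.
import ipaddress

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}               # domains this server accepts mail for
SENDER_ACCESS = {"partner.example": "OK"}     # map entry intended as a whitelist
CLIENT_BLACKLIST = {"162.83": "554 spam"}     # prefix entry quoted in the thread

def lookup_client(table, ip):
    # access(5) style: try the full address, then drop trailing octets.
    parts = ip.split(".")
    for n in range(4, 0, -1):
        hit = table.get(".".join(parts[:n]))
        if hit:
            return "REJECT" if hit[0] in "45" else hit
    return "DUNNO"

def evaluate(restrictions, msg):
    for name in restrictions:
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(msg["client"])
            res = "OK" if any(ip in n for n in MYNETWORKS) else "DUNNO"
        elif name == "permit_sasl_authenticated":
            res = "OK" if msg.get("sasl") else "DUNNO"
        elif name == "check_client_access":
            res = lookup_client(CLIENT_BLACKLIST, msg["client"])
        elif name == "check_sender_access":
            res = SENDER_ACCESS.get(msg["sender"].split("@")[1], "DUNNO")
        elif name == "reject_unauth_destination":
            local = msg["rcpt"].split("@")[1] in LOCAL_DOMAINS
            res = "DUNNO" if local else "REJECT"
        else:
            raise ValueError(name)
        if res != "DUNNO":
            return res, name
    return "OK", "end of list"

ORIGINAL = ["permit_mynetworks", "permit_sasl_authenticated",
            "check_client_access", "check_sender_access",
            "reject_unauth_destination"]
REORDERED = ["permit_mynetworks", "permit_sasl_authenticated",
             "reject_unauth_destination",
             "check_client_access", "check_sender_access"]

# Constructed message: outside client, whitelisted sender domain, foreign recipient.
RELAY_ATTEMPT = {"client": "198.51.100.7", "sender": "a@partner.example",
                 "rcpt": "someone@elsewhere.example"}
```

With the original order the sender map's OK ends the walk before the relay check is reached; with reject_unauth_destination moved up, the same message is rejected before any map is consulted.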