Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: mouss (moussnetoyen.net)
Date: Fri Apr 18 2008 - 15:02:33 CDT
Carlos Williams wrote:
> I am getting some emails from [126.96.36.199] so I decided to create
> /etc/postfix/client_blacklist with a single entry:
> 162.83 554 spam
> I am guessing this is blocking the entire class b (which is fine)
May I recommend a pcre:
/\d-\d+-\d+-\d.*\.verizon\.net$/ 554 5.7.1 Residential host
rejected. Please use your ISP or fix your rDNS.
> I checked to make sure its configured in main.cf and I see it listed below:
> smtpd_recipient_restrictions =
here. don't play with fire.
> check_client_access dbm:/etc/postfix/client_blacklist,
> check_sender_access hash:/etc/postfix/access,
why use both dbm and hash? if you can use hash, use hash (or better yet,
> check_policy_service inet:127.0.0.1:12525,
see above. move this up.
remove this. put it in smtpd_data_restrictions.
> reject_rbl_client cbl.abuseat.org,
cbl is included in zen. most people don't want to query cbl directly.
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client list.dsbl.org,
> reject_rbl_client multihop.dsbl.org,
> reject_rbl_client unconfirmed.dsbl.org,
I am not sure multihop and unconfirmed are safe enough to reject mail from.
> reject_rbl_client zombie.dnsbl.sorbs.net,
> reject_rbl_client dnsbl.njabl.org,
> reject_rbl_client spam.dnsrbl.org,
> reject_rbl_client dul.dnsbl.sorbs.net,
> reject_rbl_client dun.dnsrbl.net,
> reject_rbl_client vox.schpider.com,
> reject_rhsbl_sender dsn.rfc-ignorant.org,
This is not safe to reject. and given the backscatter issues, I wonder
if this will not become obsolete.
you're using too many DNSBLs (some I've never checked, so if absence of
a comment above doesn't mean anything). look at your logs and see if
these lists are catching anything. if they are not catching enough spam,
remove them and let spamassassin do the rest.
> I have this client_blacklist in place for one week now and I got one
> yesterday from the same address so I don't think I set this up
> correctly. How do I block these people from sending me junk? Did I do
> something wrong?
you don't want us to spend time trying to guess what might have
happened, do you?
so please provide enough evidence:
- show postconf -n output instead of main.cf snippets.
- show output of postmap -q to confirm that the entry you added is there.
- show logs (starting from reception).