RE: Parent domains confusion?

From: MacShane, Tracy (Tracy.MacshaneAirservicesAustralia.com)
Date: Fri May 02 2008 - 02:31:33 CDT


This is following on from an earlier thread, where I identified a problem
with an access map apparently not working correctly (and not passing
through all mail from .gov.au hosts).

>
> On Fri, Mar 28, 2008 at 10:19:42AM +1100, MacShane, Tracy wrote:
>
> > I'm a bit stumped as to what's going on with one of my client access
> > maps. The objective is to have all ".gov.au" hosts from all subdomains
> > exempt from the majority of our smtpd_*_restrictions checks.
> >
> > Postfix version is 2.2.10
> > parent_domain_matches_subdomains = debug_peer_list,
> > fast_flush_domains, mynetworks, permit_mx_backup_networks,
> > qmqpd_authorized_clients, relay_domains, smtpd_access_maps
>

Viktor suggested I had a mismatch between a leading dot for the key and
the parent_domain_matches_subdomains parameter that included
smtpd_access_maps. This was actually due to a bad troubleshooting
attempt on my behalf.

The access map is as follows:
--- client_access ---
# All .gov.au addresses
gov.au OK
[...]
# rr.com - zombie machines
res.rr.com REJECT Rejected due to zombie attacks
# more zombie spammers
neoplus.adsl.tpnet.pl REJECT
internetdsl.tpnet.pl REJECT
[...]
-------

Now, given the custom response message I have for rr.com hosts, it
appears that the access map is in fact working correctly.

May 2 17:05:03 smtp3 postfix/smtpd[14450]: NOQUEUE: reject: RCPT from
cpe-74-76-15-20.nycap.res.rr.com[24.90.217.53]: 554
<cpe-24-90-217-53.nyc.res.rr.com[24.90.217.53]>: Client host rejected:
Rejected due to zombie attacks; from=<supportspammer.com>
to=<john.o...lexample.com> proto=SMTP
helo=<cpe-24-90-217-53.nyc.res.rr.com>

However, if I try to query the access map using postmap -q, nothing is
returned:

[smtp3]# postmap -q "cpe-74-76-15-20.nycap.res.rr.com" hash:/etc/postfix/client_access
[smtp3]#

This is driving me nuts, and evidently didn't help when I was trying to
troubleshoot the issue with the .gov.au hosts. Can anyone shed any light
on why postmap -q isn't returning the expected values? The server is
RHEL 4 ES, and it's the distribution's Postfix build. Running similar
queries on PCRE and CIDR maps work as expected (i.e. values like REJECT
and OK are returned).

I'm certain that I didn't have any problems running the query on hashed
files in the past, but I can't pinpoint a date when it changed (the
hashed lookups don't change that often).

Thanks for any ideas on where to start looking, or bashings with the
cluebat.

Tracy
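An added example, not part of the thread, modelling why the two lookups above disagree: "postmap -q" looks up exactly the one key given, whereas smtpd resolves a client hostname against smtpd_access_maps by trying the full name and then each parent domain (as a bare key when smtpd_access_maps is listed in parent_domain_matches_subdomains, as the poster has it; with a leading dot otherwise). The map entries are the post's own with the elisions dropped; the function names are this example's, not Postfix's.

```python
# Added example (not from the thread): model of how Postfix smtpd resolves a
# client hostname against a hash: access map, versus the literal single-key
# lookup done by "postmap -q". Function names are this example's, not Postfix's.

CLIENT_ACCESS = """\
# All .gov.au addresses
gov.au OK
# rr.com - zombie machines
res.rr.com REJECT Rejected due to zombie attacks
# more zombie spammers
neoplus.adsl.tpnet.pl REJECT
internetdsl.tpnet.pl REJECT
"""

def parse_access_map(text):
    """Parse access(5) text into {key: action}; comments and blanks skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, action = line.partition(" ")
        table[key.lower()] = action.strip()
    return table

def postmap_q(table, key):
    """Literal lookup, as 'postmap -q key hash:map' does: one key, no stripping."""
    return table.get(key.lower())

def smtpd_client_lookup(table, hostname, parent_matches_subdomains=True):
    """Client-hostname lookup order used by smtpd for smtpd_access_maps.

    The full name is tried first, then each parent domain with the leading
    label removed. With smtpd_access_maps listed in
    parent_domain_matches_subdomains (the poster's setting) the parent is
    looked up as a bare key ("gov.au"); otherwise it needs a leading dot.
    """
    labels = hostname.lower().split(".")
    hit = table.get(hostname.lower())
    if hit is not None:
        return hit
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        key = parent if parent_matches_subdomains else "." + parent
        hit = table.get(key)
        if hit is not None:
            return hit
    return None
```

So the literal query for the full rr.com hostname finds nothing, while the same query for "res.rr.com" returns the REJECT entry that smtpd applied in the log.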