Re: Whitelist a host using check_client_access before the rbl check?

From: Stan Hoeppner (stanhardwarefreak.com)
Date: Mon Aug 04 2008 - 08:03:09 CDT


Hello Nicolas,

Try this:

Remove 'check_client_access hash:/etc/postfix/client_access' from
smtpd_recipient_restrictions. Add the following line in main.cf
somewhere before/above smtpd_recipient_restrictions:

smtpd_client_restrictions = hash:/etc/postfix/client_access

And make sure you 'postmap /etc/postfix/client_access' any time you make
changes to the file. And obviously, 'postfix reload' whenever you make
changes to main.cf.

Hope this helps.

Stan

Nicolas KOWALSKI wrote:
> Hello,
>
> I would like to whitelist a specific host, because it is currently
> listed in the zen rbl, but I am unable to do so.
>
> Here is a sample log of the rejected host connecting to my postfix:
>
> Aug 4 14:17:17 petole postfix/smtpd[23545]: connect from 225.96.68-86.rev.gaoland.net[86.68.96.225]
> Aug 4 14:17:17 petole postfix/smtpd[23545]: setting up TLS connection from 225.96.68-86.rev.gaoland.net[86.68.96.225]
> Aug 4 14:17:17 petole postfix/smtpd[23545]: TLS connection established from 225.96.68-86.rev.gaoland.net[86.68.96.225]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
> Aug 4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT from 225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service unavailable; Client host [86.68.96.225] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=86.68.96.225; from=<nicolas.kowalskigmail.com> to=<nikopetole.dyndns.org> proto=ESMTP helo=<demisel.dyndns.org>
> Aug 4 14:17:18 petole postfix/smtpd[23545]: disconnect from 225.96.68-86.rev.gaoland.net[86.68.96.225]
>
>
> - I added the following line (full postconf -n below) to the
> smtpd_recipient_restrictions, before the rbl check:
>
> check_client_access hash:/etc/postfix/client_access
>
>
> - /etc/postfix/client_access contains:
> demisel.dyndns.org OK
>
>
> - the full configuration:
>
> petole:~# postconf -n
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> config_directory = /etc/postfix
> disable_mime_output_conversion = yes
> header_checks = regexp:/etc/postfix/header_checks
> inet_protocols = all
> local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps
> mailbox_size_limit = 0
> mailbox_transport = cyrus
> maximal_queue_lifetime = 60d
> message_size_limit = 0
> mydestination = localhost, localhost.localdomain, petole, petole.lan, petole.dyndns.org, petole.demisel.net
> mydomain = $myhostname
> myhostname = petole.dyndns.org
> relay_domains = demisel.dyndns.org
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
> relayhost = [mail.club-internet.fr]
> smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_unknown_hostname, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, permit
> smtpd_tls_cert_file = /etc/postfix/ssl/petole-crt.pem
> smtpd_tls_key_file = /etc/postfix/ssl/petole-key.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_timeout = 3600s
>
>
>
> Any help would be appreciated,
>
> Thanks,
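Added example, not part of the thread and not Postfix code: a small model of the key order that Postfix's access(5) documents for check_client_access (client hostname, then its parent domains, then the client IP address, then shorter network prefixes), plus a minimal walk through a restriction list. The client name, address and HELO are taken from the log line quoted above; the table contents and the "listed in the RBL" set are constructed for the demonstration. Running it shows why an entry keyed on the HELO name never matches a client lookup (check_client_access sees the reverse-DNS name and the IP, not what the client said in HELO), and that a check_helo_access entry would match but is trivially spoofable, which is why whitelisting by IP address or network prefix is the sound choice. IPv6 keys are left out of the model.

```python
"""Model of the access(5) lookup order used by check_client_access.

Added example for this thread; it does not talk to a running Postfix and
only reproduces the documented key order so you can see which table entry
a given SMTP client would hit. IPv4 only.
"""
import ipaddress

# Constructed from the log line quoted in the thread: the client's
# reverse-DNS name, its IP address, and the name it gave in HELO.
CLIENT_NAME = "225.96.68-86.rev.gaoland.net"
CLIENT_ADDR = "86.68.96.225"
HELO_NAME = "demisel.dyndns.org"


def domain_keys(name):
    """A name and each of its parent domains, longest first.

    parent_domain_matches_subdomains lists smtpd_access_maps by default,
    so 'dyndns.org' in the table matches 'demisel.dyndns.org' without a
    leading dot.
    """
    labels = name.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def client_lookup_keys(client_name, client_addr):
    """Keys tried, in order, by check_client_access.

    1. client hostname and its parent domains; skipped entirely when the
       name is 'unknown' (no reverse DNS, or forward/reverse mismatch);
    2. the IP address, then net.work.addr, net.work, net prefixes.
    """
    keys = []
    if client_name and client_name != "unknown":
        keys.extend(domain_keys(client_name))
    addr = ipaddress.ip_address(client_addr)
    if addr.version != 4:
        raise ValueError("this model only covers IPv4 keys")  # assumption
    octets = client_addr.split(".")
    keys.extend(".".join(octets[:n]) for n in (4, 3, 2, 1))
    return keys


def lookup(table, keys):
    """Return (matched_key, action) for the first key present, else (None, None)."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None


def client_access(table, client_name=CLIENT_NAME, client_addr=CLIENT_ADDR):
    """What check_client_access would return for this table and client."""
    return lookup(table, client_lookup_keys(client_name, client_addr))


def helo_access(table, helo=HELO_NAME):
    """What check_helo_access would return; keyed on text the client chooses."""
    return lookup(table, domain_keys(helo))


def evaluate(restrictions, client_table, rbl_listed,
             client_name=CLIENT_NAME, client_addr=CLIENT_ADDR):
    """Walk a restriction list the way smtpd does: the first restriction that
    gives a definite OK/REJECT ends evaluation, DUNNO moves to the next one.
    Only the three restriction types needed for the thread are modelled;
    rbl_listed is a constructed stand-in for a DNSBL answer."""
    for name in restrictions:
        if name == "check_client_access":
            _, action = client_access(client_table, client_name, client_addr)
            if action in ("OK", "REJECT"):
                return action, name
        elif name == "reject_rbl_client":
            if client_addr in rbl_listed:
                return "REJECT", name
        elif name == "permit":
            return "OK", name
    return "DUNNO", None


if __name__ == "__main__":
    chain = ["check_client_access", "reject_rbl_client", "permit"]
    listed = {CLIENT_ADDR}
    # Table keyed on the HELO name: never consulted by a client lookup.
    print(client_lookup_keys(CLIENT_NAME, CLIENT_ADDR))
    print(evaluate(chain, {"demisel.dyndns.org": "OK"}, listed))
    # Table keyed on the IP address: matched before the RBL check runs.
    print(evaluate(chain, {"86.68.96.225": "OK"}, listed))
    # HELO-keyed whitelist would match, but anyone can send that HELO.
    print(helo_access({"demisel.dyndns.org": "OK"}))
```

Whitelisting on the HELO name would silence the RBL rejection but also let any host that says HELO demisel.dyndns.org through; keying the entry on the IP address (or on the reverse-DNS name, which the connecting network's owner controls) is what actually ties the exception to the machine in question.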