From: Oguz Yilmaz (oguzyilmazlistgmail.com)
Date: Sat Apr 10 2010 - 15:55:54 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am testing sender address verification on our servers. When I first
enable reject_unverified_sender before RBL testing, in 1 day, my IP
addresses was in CBL blacklist after 1 year of clerance.

Then I have tuned the configuration and put sender address
verification after most of the UCE measures. The latest configuration
is as below. However, then in 5-6 days the domain was in blacklist
again.

What can you suggest not to blacklisting again?
Should I add some other measures before reject_unverified_sender? What can be?
Should I disable SAV for some domains to prevent blacklisting? Which domains?

Regards,
Oguz,

Postfix is 2.2.11

unverified_sender_reject_code = 450

smtpd_delay_reject = yes
disable_vrfy_command = yes

data_directory = /var/spool/postfix
address_verify_map = btree:$data_directory/verify_cache

address_verify_sender = double-bounce

address_verify_negative_cache = yes
address_verify_negative_expire_time = 1d
address_verify_negative_refresh_time = 3h
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d

smtpd_recipient_restrictions =
 check_recipient_access hash:/etc/postfix/access,
 check_recipient_access hash:/etc/postfix/access-st,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_rhsbl_sender dsn.rfc-ignorant.org,
 reject_rhsbl_sender rhsbl.sorbs.net,
 reject_rbl_client dnsbl.sorbs.net,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client zen.spamhaus.org,
 reject_rbl_client ix.dnsbl.manitu.net,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_unauth_destination,
 check_policy_service unix:private/postgrey,
 reject_unverified_sender,
# reject_unverified_recipient,
 permit_auth_destination

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]