Spoofed freemail domains protection not working for postmaster
in [Postfix]
|
From: Stan Hoeppner on 10 Jun 2010 09:01 ����������� ������ put forth on 6/10/2010 4:15 AM: I'd attack the problem from another angle. You may be better served by adding some more dnsbl checks rather that fighting spoofs: http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a111.67.207.126 As you can see the IP sample you gave is already listed by multiple dnsbls. > smtpd_delay_reject = yes > > smtpd_client_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unknown_client_hostname, > reject_rbl_client list.dsbl.org, > reject_rbl_client zen.spamhaus.org + reject_rbl_client b.barracudacentral.org [1] reject_rbl_client spam.dnsbl.sorbs.net reject_rbl_client recent.spam.dnsbl.sorbs.net reject_rhsbl_client dbl.spamhaus.org > smtpd_sender_restrictions = + reject_rhsbl_sender dbl.spamhaus.org > smtpd_helo_restrictions = + reject_rhsbl_helo dbl.spamhaus.org [1] The BRBL is free to use but requires a sign-up: http://barracudacentral.org/account/register -- Stan
From: =?koi8-r?Q?=F0=CF=CB=CF=D4=C9=CC=C5=CE=CB=CF_?= =?koi8-r?Q?=EB=CF=D3=D4=C9=CB?= on 10 Jun 2010 09:04 � ���, 10/06/2010 � 08:01 -0500, Stan Hoeppner �����: > ����������� ������ put forth on 6/10/2010 4:15 AM: > > I'd attack the problem from another angle. You may be better served by adding > some more dnsbl checks rather that fighting spoofs: > http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a111.67.207.126 > > As you can see the IP sample you gave is already listed by multiple dnsbls. > > > smtpd_delay_reject = yes > > > > smtpd_client_restrictions = > > permit_mynetworks, > > permit_sasl_authenticated, > > reject_unknown_client_hostname, > > reject_rbl_client list.dsbl.org, > > reject_rbl_client zen.spamhaus.org > > + reject_rbl_client b.barracudacentral.org [1] > reject_rbl_client spam.dnsbl.sorbs.net > reject_rbl_client recent.spam.dnsbl.sorbs.net > reject_rhsbl_client dbl.spamhaus.org > > > smtpd_sender_restrictions = > > + reject_rhsbl_sender dbl.spamhaus.org > > > smtpd_helo_restrictions = > > + reject_rhsbl_helo dbl.spamhaus.org > > > [1] The BRBL is free to use but requires a sign-up: > http://barracudacentral.org/account/register Thanks for suggestion, I'll apply it. But if somebody can help discover (configuration) error which prioritizing postmaster that would be nice. -- ����������� ������ <casper(a)meteor.dp.ua>
From: Stan Hoeppner on 10 Jun 2010 09:32 ����������� ������ put forth on 6/10/2010 8:04 AM: > Thanks for suggestion, I'll apply it. You're welcome. > But if somebody can help discover (configuration) error which > prioritizing postmaster that would be nice. "postconf -d | grep mail_version" might be helpful. IIRC some early versions of Postfix had some things related to postmaster hard coded. -- Stan
From: =?koi8-r?Q?=F0=CF=CB=CF=D4=C9=CC=C5=CE=CB=CF_?= =?koi8-r?Q?=EB=CF=D3=D4=C9=CB?= on 10 Jun 2010 09:48 � ���, 10/06/2010 � 08:32 -0500, Stan Hoeppner �����: > ����������� ������ put forth on 6/10/2010 8:04 AM: > > > Thanks for suggestion, I'll apply it. > > You're welcome. > > > But if somebody can help discover (configuration) error which > > prioritizing postmaster that would be nice. > > "postconf -d | grep mail_version" might be helpful. IIRC some early versions > of Postfix had some things related to postmaster hard coded. This is Debian lenny. # postconf -d | grep mail_version mail_version = 2.5.5 milter_macro_v = $mail_name $mail_version -- ����������� ������ <casper(a)meteor.dp.ua>
From: Wietse Venema on 10 Jun 2010 09:50 If the postmaster address is excluded from spam checks then you may want to change the address_verify_sender setting. The current default is: address_verify_sender = $double_bounce_sender The older (problematic) default is address_verify_sender = postmaster The final ultimate fix is to make address_verify_sender time-dependent, so that it does not become a spam sink itself. Wietse
|
Next
|
Last
Pages: 1 2 3 Prev: "Invalid size declaration"? Next: Mail forward only using virtual_alias_maps |