Unknown senders and spam
in [Postfix]
|
Prev: Question about bounce related spam
Next: Wanting incoming and outgoing e-mail montiroed for spam andvirii
From: Bill Weiss on 19 Apr 2010 01:55 Alex(mysqlstudent(a)gmail.com)@Mon, Apr 19, 2010 at 01:11:01AM -0400: > Hi, > > >> http://www.mail-archive.com/postfix-users(a)postfix.org/msg12683.html > >> > >> It was only from a few users, but wonder what their experience is > >> almost a year later. > > > > Yes, reject_unknown_client_hostname is still too strict for us. �And we're > > very strict! > > Good to know. I also don't think I can easily make such a change in my > environment. > > > The "warn_if_reject" feature predates "reject_unauth_pipelining", which you > > seem to be using successfully. �I strongly suspect there was some other > > error -- probably a simple typo in your config -- that kept warn_if_reject > > from working for you. > > I'm trying to do: > > warn_if_reject = reject_rbl_client backscatter.spameatingmonkey.net > > But it appears that's only available in later versions, so I've tried > this, and it also doesn't work: > > warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net You probably want: warn_if_reject reject_maps_rbl backscatter.spameatingmonkey.net without the "=". -- Bill Weiss We will not prove this by intimidation and excessive fist waving. [while screaming these lines and frantically waving arms] -- Dr. Max Mintx, Math. Foundations of CS University of Pennsylvania
From: mouss on 19 Apr 2010 01:55 Alex a �crit : > Hi, > >>> Is it common practice to have that restriction in a production environment? >>> >>> It appears to be the third case here, that the name->address mapping >>> does not match the client IP address. Could this be from a legitimate >>> cause, or typically intentionally to be evasive? >>> >> since they put their domain name in their HELO (zaphod.chipchaps.com), >> they're not trying to evade anything. > > Yes, I guess they would have been rejected as a result of my helo checks. > >> you could try >> >> check_client_access hash:/etc/postfix/access_unknown >> >> >> smtpd_restriction_classes = >> ... >> policy_strong >> >> policy_strong = >> reject_rbl_client bb.barracudacentral.org > > Is it possible to use maps_rbl_domains instead of reject_rbl_client > here? with maps_rbl_domains, you can't specify which list to check in different places. since you're already using it in the "general" case, if you add barracuda list, it will apply unconditionally, which is different from my suggestion to call it when the clien is unknown. but if you think barracuda list is safe for you (it's not for me. the corresponding score in spamassassin confirms this for me), you can use it. > It appears this machine has a version of postfix that doesn't > understand reject_rbl_client. > > Thanks again! > Best regards, > Alex
From: mouss on 19 Apr 2010 01:57 Alex a �crit : > Hi, > >>> http://www.mail-archive.com/postfix-users(a)postfix.org/msg12683.html >>> >>> It was only from a few users, but wonder what their experience is >>> almost a year later. >> Yes, reject_unknown_client_hostname is still too strict for us. And we're >> very strict! > > Good to know. I also don't think I can easily make such a change in my > environment. > >> The "warn_if_reject" feature predates "reject_unauth_pipelining", which you >> seem to be using successfully. I strongly suspect there was some other >> error -- probably a simple typo in your config -- that kept warn_if_reject >> from working for you. > > I'm trying to do: > > warn_if_reject = reject_rbl_client backscatter.spameatingmonkey.net > wrong syntax. it's warn_if_reject reject_rbl_client $yourlist There's no 'equal' sign. > But it appears that's only available in later versions, so I've tried > this, and it also doesn't work: > > warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net > doubly wrong syntax. besides the '=' sign, reject_rbl_maps doesn't take an argument. >> 20020905 >> >> Feature: "smtpd_data_restrictions = reject_unauth_pipelining" > > It looks like I have a big project ahead of me to upgrade. What kind > of process is involved with going from such an old version to the > current, independent of all the other software? > > Thanks, > Alex
From: Alex on 19 Apr 2010 02:40 Hi, >> I'm trying to do: >> >> warn_if_reject = reject_rbl_client backscatter.spameatingmonkey.net >> > > wrong syntax. it's > warn_if_reject reject_rbl_client $yourlist > There's no 'equal' sign. $ postfix check postfix: fatal: /etc/postfix/main.cf, line 700: missing '=' after attribute name: "warn_if_reject reject_maps_rbl backscatter.spameatingmonkey.net" Apr 19 02:35:33 smtp01 postfix[13351]: fatal: /etc/postfix/main.cf, line 700: missing '=' after attribute name: "warn_if_reject reject_maps_rbl backscatter.spameatingmonkey.net" >> But it appears that's only available in later versions, so I've tried >> this, and it also doesn't work: >> >> warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net > > doubly wrong syntax. besides the '=' sign, reject_rbl_maps doesn't take > an argument. Looks like I'm SOL for now? :-) Thanks again, Alex
From: Stan Hoeppner on 19 Apr 2010 02:45
Noel Jones put forth on 4/18/2010 10:55 PM: > Yes, reject_unknown_client_hostname is still too strict for us. And > we're very strict! I ran with this for a short while. Had problems with it rejecting Hotmail connections. And these weren't Hotmail user mails beings delivered, but responses to my spam reports coming from the Hotmail abuse dept. Had too many other legit mails refused as well. It didn't stop any more spam here than reject_unknown_reverse_client_hostname so I reverted back to the latter. -- Stan |