On a Gentoo mailserver, I'm running Postfix 2.6.5 - and, having followed
some howto or other, quite a long time ago, I have this section at the
end of my main.cf:
--
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_unknown_sender_domain,
    reject_rhsbl_sender bogusmx.rfc-ignorant.org
--
While it might not be optimal, it worked extremely well for a long
time. The block lists were a godsend as I receive(d) quite a lot of
spam which had threatened to bog down SpamAssassin. For ages, I just
used my ISP's SMTP server to send, and only received on my own.
I've bought a smart phone (an HTC HD2 on Windows Mobile 6.5) and need to
use it to access my email on this server - both via mobile and Wi-Fi
connectivity. The IMAP(s) side works OK for my inbox (after a few
Dovecot tweaks) - and, after setting up SASL, I can now send email
from my phone via my own SMTP server, which gateways this to my ISP...
all secured by a complex password. So far, so good - and I can send
email from home over Wi-Fi from my phone. The problem arises
elsewhere... where I'm not connected to my local (W)LAN (i.e. where I'm
not in "permit_mynetworks") - where the phone reports:
--
The server returned the following error message:
554 5.7.1 Service unavailable; Client host 149.254.48.170 blocked using
sbl-xbl.spamhouse.org; http://www.spamhous.org/query/bl?ip=149.254.48.170
--
The block comes as no surprise as 149.254.48.170 isn't exclusively under
my control - and, likely, is a vector for lots of spam - now mobile data
services are cheap and difficult to trace. What I didn't expect is for
my connection to be rejected even though I had the right username and
password.
So... the questions:
* How can I alter the configuration to process email from blocked
locations if and only if the client authenticates?
* How can I verify that SMTP auth has been done (when connecting from my
LAN) - it would be a disaster if I inadvertently created an open relay.
(I don't think I have - but better safe than sorry, etc.)
Thanks in advance for any replies...
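
An added example, not part of the original post: one way to approach the second question is to audit the mail log, since Postfix's smtpd appends `sasl_method=` and `sasl_username=` to its `client=` log line when a session authenticated. The LAN range, local domain, user name and log lines below are constructed assumptions; only the phone's IP address comes from the post.

```python
import ipaddress
import re

# Assumed values for illustration: substitute your own mynetworks and domains.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]
LOCAL_DOMAINS = {"example.org"}

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]*)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?(?:, sasl_username=(?P<user>[^,\s]+))?"
)
RCPT_RE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*@(?P<domain>[^>]+)>")

# Constructed sample log: phone with AUTH, LAN client, inbound MX, unauthenticated relay.
SAMPLE_LOG = """\
Jan 10 09:00:01 mail postfix/smtpd[2101]: 3A1F2C0011: client=unknown[149.254.48.170], sasl_method=PLAIN, sasl_username=alice
Jan 10 09:00:02 mail postfix/smtp[2105]: 3A1F2C0011: to=<bob@example.net>, relay=isp.example[192.0.2.25]:25, status=sent
Jan 10 09:05:10 mail postfix/smtpd[2110]: 4B2E3D0022: client=laptop.lan[192.168.1.20]
Jan 10 09:05:11 mail postfix/smtp[2111]: 4B2E3D0022: to=<carol@example.net>, relay=isp.example[192.0.2.25]:25, status=sent
Jan 10 09:07:30 mail postfix/smtpd[2120]: 5C3F4E0033: client=mx.example.com[198.51.100.7]
Jan 10 09:07:31 mail postfix/local[2121]: 5C3F4E0033: to=<alice@example.org>, relay=local, status=sent
Jan 10 09:09:00 mail postfix/smtpd[2130]: 6D4A5F0044: client=unknown[203.0.113.9]
Jan 10 09:09:01 mail postfix/smtp[2131]: 6D4A5F0044: to=<dave@example.net>, relay=isp.example[192.0.2.25]:25, status=sent
"""

def audit(lines):
    """Return {queue_id: verdict} for every message smtpd accepted."""
    clients, rcpt_domains = {}, {}
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:  # smtpd accepted a message: remember who sent it and whether AUTH was used
            clients[m["qid"]] = (ipaddress.ip_address(m["ip"]), m["user"])
            continue
        m = RCPT_RE.search(line)
        if m:  # delivery agent line: collect recipient domains per queue id
            rcpt_domains.setdefault(m["qid"], set()).add(m["domain"].lower())
    verdicts = {}
    for qid, (ip, user) in clients.items():
        external = rcpt_domains.get(qid, set()) - LOCAL_DOMAINS
        if user:
            verdicts[qid] = f"sasl:{user}"              # authenticated submission
        elif any(ip in net for net in MYNETWORKS):
            verdicts[qid] = "mynetworks"                # trusted by address, no AUTH seen
        elif external:
            verdicts[qid] = "RELAYED-UNAUTHENTICATED"   # open-relay indicator
        else:
            verdicts[qid] = "inbound"                   # ordinary mail for a local domain
    return verdicts
```

A `mynetworks` verdict for the phone on Wi-Fi means the message was accepted by address without AUTH appearing in the log; any `RELAYED-UNAUTHENTICATED` entry is the case to investigate.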