> I got the following from on one my clients after adding 202.157.184.156 to > mta_clients_bw.map and postmapping the file. What did I do wrong ? the map > file preceeds the .rbl line.
Sender Vs. Client issue. You OKed the wrong thing. > <[EMAIL PROTECTED]>: This is the sender, [EMAIL PROTECTED] > 209.113.151.8 does not like recipient. > Remote host said: 554 Service unavailable; > [202.157.184.156] This is the client, 202.157.184.156. > blocked using spews.relays.osirusoft.com, reason: [1] > worldwide-investment/secure-webhosting, see > http://spews.org/ask.cgi?S1636 > Giving up on 209.113.151.8. > > > > smtpd_recipient_restrictions = > hash:/etc/postfix/smtpd_access_maps, > reject_unauth_pipelining, > hash:/etc/postfix/to_recipients.map, > hash:/etc/postfix/to_recipients_bad.map, > check_client_access hash:/etc/postfix/mta_clients.map, ^^^^^^^^^^^^^^^^^^^ - This is a client check > check_client_access hash:/etc/postfix/mta_clients_unkn_users.map, ^^^^^^^^^^^^^^^^^^^ - This is a client check > reject_non_fqdn_recipient, > reject_non_fqdn_sender, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > permit_mynetworks, > reject_unauth_destination, > check_sender_access hash:/etc/postfix/from_senders.map, ^^^^^^^^^^^^^^^^^^^ - This is a sender check > check_sender_access hash:/etc/postfix/mta_clients_bw.map, ^^^^^^^^^^^^^^^^^^^ - This is a sender check > reject_maps_rbl, ^^^^^^^^^^^^^^^^^^^ - This is a client check > permit > > > snippet from mta_clients_bw.map > > # [EMAIL PROTECTED] OK > # ip.ad.re.ss/24 OK > # [EMAIL PROTECTED] 554 access denied > # added 5-24-02 bellnexxia > user.veloxzone.com.br 554 ACL mta_clients_bw > 63.219.176.0/24 554 ACL mta_clients_bw > 202.157.184.156 OK In your mta_clients_bw.map you have client checks, but you are doing them as sender checks, which will male them fail. When you connect to a server, you are a client of that server. When your mail server talks to the Internet, and connects to other servers, it is a client of those servers. When 202.157.184.156 stated sending mail to 209.113.151.8, it became a client of 209.113.151.8. When 202.157.184.156 started sending mail, it said MAIL FROM: <[EMAIL PROTECTED]>, so <[EMAIL PROTECTED]> is the sender. In check_sender_access you can test for the following: [EMAIL PROTECTED] domain.tld user@ So basically the whole address, the right half alone, or the left half with the @. In check_client_access you can test for the following: domain.tld net.work.addr.ess (ie: 127.0.0.1) net.work.addr (ie: 127.0.0) net.work (ie: 127.0) net (ie: 127) So basically the server name, server ip, class C, class B, or class A network. (Yes, I am abusing the classes in some respects.) This means that BOTH client and sender can block a domain name. Only clients can also have IPs. When you put an email address in a client check, it is ignored. Only senders can also have users and email addresses. When you put an IP under a sender check, it is ignored. --Eric
