>I am getting spam from servers that are listed in several RBLs that I use, >here is a log sample when I egrep for the IP address in the mail log: > >Jan 7 13:24:49 hasna postfix/smtpd[83149]: connect from >24-51-13-81.pittpa.adelphia.net[24.51.13.81] >Jan 7 13:24:50 hasna postfix/smtpd[83149]: A6455AE141: >client=24-51-13-81.pittpa.adelphia.net[24.51.13.81] >Jan 7 13:24:53 hasna postfix/smtpd[83149]: disconnect from >24-51-13-81.pittpa.adelphia.net[24.51.13.81]
connect/disconnect is not STMP behavior (which is what the MTA + RBLs block, it's TCP behavior. The RBL are not involved at TCP level. If you want TCP blocking, use a packet filtering firewall. >This IP is listed in CBL, DSBL, NJABLDYNA, SPAMCOP. I have all of these in >my smtpd_recipient_restrictions. Those RBLs do seem to work as they catch >quite a lot as my spam-stats report tells me, so I don't know why this IP >address slipped. Did postfix smtpd accept msgs from these IPs? Len
