# UCE controls
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
reject_rbl_client sbl.spamhaus.org
reject_rbl_client relays.ordb.org
reject_rbl_client proxies.relays.monkeys.com
reject_rbl_client proxies.blackholes.easynet.nl
check_client_access regexp:/etc/postfix/clientblocks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
i have underlined the important addition.
the clientblocks file is below.
basically if the connecting host has a DNS FQDN which contains the words
below (e.g. "dial" "ppp" "cable" "adsl" etc) then they are automagically
rejected. you wouldn't believe the amount of spam this stops!
also the following will reject mail from open proxies (no need for a proxy
RBL!)
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unauth_pipelining
=== clientblocks file below ===
# all senders who are using dialup or cable modem
# get thrown out the door
/[-.]dial/ 550 Use an authorized relay
/dial[-inu.]/ 550 Use an authorized relay
/^dial/ 550 Use an authorized relay
/[-.]ppp/ 550 Use an authorized relay
/ppp[-inu.]/ 550 Use an authorized relay
/^ppp/ 550 Use an authorized relay
/adsl/ 550 Use an authorized relay
/host*pool*/ 550 Use an authorized relay
/\.da\.uu\.net/ 550 Use an authorized relay
/\.du\..*uu\.net/ 550 Use an authorized relay
/client*\.attbi\.com/ 550 Use an authorized relay
/client2*\.attbi\.com/ 550 Use an authorized relay
/client*\.comcast\.net/ 550 Use an authorized relay
/pcp*\.comcast\.net/ 550 Use an authorized relay
/^pc.*\.comcast\.net/ 550 Use an authorized relay
/^bg.*\.comcast\.net/ 550 Use an authorized relay
/smtp*\.rr\.com/ OK
/\.rr\.com/ 550 Use an authorized relay
/pool*verizon\.net/ 550 Use an authorized relay
/dsl*verizon\.net/ 550 Use an authorized relay
/ipt\.aol\.com/ 550 Use an authorized relay
/ipt\.aol\.net/ 550 Use an authorized relay
/client*\.natinst\.com/ 550 Use an authorized relay
/hfep*\.dion\.ne\.jp/ 550 Use an authorized relay
/^CPE*\.cable\.rogers\.com/ 550 Use an authorized relay
/cable\.mindspring\.com/ 550 Use an authorized relay
/dsl\.pipex\.com/ 550 Use an authorized relay
/dsl*\.swbell\.net/ 550 Use an authorized relay
/nr*\.fuse\.net/ 550 Use an authorized relay
/dsl*\.ameritech\.net/ 550 Use an authorized relay
/[0-9]*\.roadrunner\.nf\.net/ 550 Use an authorized relay
/optonline\.net/ 550 Use an authorized relay
/^ip*\.cox.net/ 550 Use an authorized relay
/^cm*\.charter\.com/ 550 Use an authorized relay
/^[0-9]*\.arrival\.net/ 550 Use an authorized relay
/^[0-9]*\.rev\.krline\.net/ 550 Use an authorized relay
/^[0-9]*\.hinet\.net/ 550 Use an authorized relay
/adsl\.*apol\.com\.tw/ 550 Use an authorized relay
/pooles\.rima\-tde\.net/ 550 Use an authorized relay
/adsl*\.worldonline\.dk/ 550 Use an authorized relay
/dsl*\.antwerp\.kpn\.be/ 550 Use an authorized relay
/^ip*\.pacific\.net\.hk/ 550 Use an authorized relay
/cable\.ntl\.com/ 550 Use an authorized relay
/^te*\.transedge\.com/ 550 Use an authorized relay
/^p[0-9]*\.net\.upc\.nl/ 550 Use an authorized relay
/^host*\.alestra\.net\.mx/ 550 Use an authorized relay
/^h*\.covad\.net/ 550 Use an authorized relay
/dsl*\.pacbell\.net/ 550 Use an authorized relay
/dsl*\.solcon\.nl/ 550 Use an authorized relay
/host*\.btopenworld\.com/ 550 Use an authorized relay
/user*\.sprint\-hsd\.net/ 550 Use an authorized relay
/dsl*\.gil\.com\.au/ 550 Use an authorized relay
/dsl*\.info\.com\.ph/ 550 Use an authorized relay
/ip[0-9]*\.pronto\.spb\.su/ 550 Use an authorized relay
/dsl*\.easynet\.co\.uk/ 550 Use an authorized relay
/dsl*\.dslextreme\.com/ 550 Use an authorized relay
/dsl*\.prodigy\.net\.mx/ 550 Use an authorized relay
/[0-9]*\.xo\.net/ 550 Use an authorized relay
/c[0-9]*\.is\.net\.tw/ 550 Use an authorized relay
/s[0-9]*\.tele2\.cz/ 550 Use an authorized relay
/[0-9]*\.isp\.tfn\.net\.tw/ 550 Use an authorized relay
/adsl\.tisnet\.net\.tw/ 550 Use an authorized relay
/adsl\.zonnet\.nl/ 550 Use an authorized relay
/wsip*\.cox\.net/ 550 Use an authorized relay
/dsl\.speakeasy\.net/ 550 Use an authorized relay
/zzz\*splitrock\.net/ 550 Use an authorized relay
/^cpe/ 550 Use an authorized relay
/subscriber/ 550 Use an authorized relay
/easymailers\.net/ REJECT
/outreachmarketing\.com/ REJECT
/madbrandz\.com/ REJECT
/arcamax\.com/ REJECT
/registeredwinners\.com/ REJECT
/megamailservers\.com/ REJECT
/newfunpages\.com/ REJECT
/postmasterdirect\.com/ REJECT
/offersondemand\.com/ REJECT
/offers/ REJECT
/porn/ REJECT
/freelotto/ REJECT
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
