Neil:
> 
> On 20 Oct 2008, at 18:45, Linux Addict wrote:
> >
> > On Mon, Oct 20, 2008 at 6:41 PM, Neil <[EMAIL PROTECTED]> wrote:
> >
> > On 20 Oct 2008, at 18:39, Linux Addict wrote:
> >
> >>
> >>
> >> On Mon, Oct 20, 2008 at 6:33 PM, Neil <[EMAIL PROTECTED]> wrote:
> >> On 20 Oct 2008, at 18:24, Linux Addict wrote:
> >>
> >>> Hi, Looks like our MX servers are hit hard by a specific email  
> >>> address which is sending frequent mails trying to use our relay  
> >>> effectively many mail servers seems to be blacklisting.
> >>>
> >>>
> >>> Oct 20 18:20:05 mx01 postfix/qmgr[6512]: DBB784BE68E: from=<[EMAIL 
> >>> PROTECTED] 
> >>> >, size=3309, nrcpt=1 (queue active)
> >>> Oct 20 18:20:05 mx0  postfix/error[9345]: DA960E73E11: to=<[EMAIL 
> >>> PROTECTED] 
> >>> >, relay=none, delay=77080, delays=76950/130/0/0.01, dsn=4.4.1,  
> >>> status=deferred (delivery temporarily suspended: connect to  
> >>> exchange.net Connection timed out)
> >>>
> >>> Please help me stop this. Thank you!
> >>>
> >>> ~LA
> >>
> >> Unless I'm mistaken (and I'm not the most knowledgeable person on  
> >> this list), I think your server thinks it's okay to accept mail for  
> >> the domain "exchange.net" (and I'm assuming "exchange.net" isn't  
> >> yours).  So to fix this, you need to tell postfix only to accept  
> >> mail for your domains.  I think you should check my_destination,  
> >> relay_domains, etc.
> >>
> >> Post the output of "postconf -n".
> >>
> >> -N.
> >>
> >>
> >> Thanks for your reply.
> >>
> >>
> >> mydestination = $myhostname
> >> relay_domains = $mydestination
> >>
> >> Actually its not just exchange.net, most of the mails are being  
> >> sent to bellsouth.net
> >>
> >> Oct 20 18:37:27 mx01 postfix/qmgr[6597]: 5CE74D08FE1: from=<[EMAIL 
> >> PROTECTED] 
> >> >, size=3237, nrcpt=1 (queue active)
> >> Oct 20 18:37:27 mx01 postfix/error[6838]: 57AD01031088: to=<[EMAIL 
> >> PROTECTED] 
> >> >, relay=none, delay=14928, delays=14928/0.05/0/0, dsn=4.0.0,  
> >> status=deferred (delivery temporarily suspended: host gateway- 
> >> f2.isp.att.net[207.115.11.16] refused to talk to me: 450 too  
> >> frequent connects from 63.240.86.13, please try again later.)
> >>
> >>
> >> Thanks
> >> LA
> >
> > I don't think you need $mydestination in relay_domains.  And the  
> > rest of postconf -n would still be useful.
> >
> >
> >
> > [snip]
> >
> > smtpd_recipient_restrictions = permit_mynetworks,     
> > permit_sasl_authenticated,    reject_unauth_destination,     
> > reject_invalid_hostname,    reject_unauth_pipelining,     
> > reject_non_fqdn_sender,    reject_unknown_sender_domain,     
> > reject_non_fqdn_recipient,    reject_unknown_recipient_domain,     
> > reject_rbl_client blackholes.easynet.nl,    reject_rbl_client  
> > cbl.abuseat.org,    reject_rbl_client  
> > proxies.blackholes.wirehub.net,    reject_rbl_client  
> > bl.spamcop.net,    reject_rbl_client sbl.spamhaus.org,     
> > reject_rbl_client dnsbl.njabl.org,    reject_rbl_client  
> > list.dsbl.org,    reject_rbl_client multihop.dsbl.org,    permit
> 
> You have a lot of stuff here that I'm not sure about, but the above,  
> in particular, I think is wrong.
> 
> First, I don't think you should have "permit" as the last item.  That  
> is probably your problem.  It should probably be "reject", or not  
> there at all (at which point I think it defaults to "reject").

Permit at the end is OK. He has reject_unauth_destination early in
smtpd_recipient_restrictions, so Postfix will accept only mail that
matches mydestination, relay_domains or one of the virtual_*_domains
tables.

        Wietse

Reply via email to