Howdy,
I've never seen the point in this before, but i've been asked by a client
to implement it if possible, that is, place dnsbl checks on submission and
smtps connections, I've tried a few combinations but it does not seem to be
working, no doubt someone can see the error and slap me a new one for
overlooking the obvious on a Sunday.
Master:
smtps inet n - n - - smtpd
-o smtpd_client_restrictions=$submission_client_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o receive_override_options=no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_data_restrictions=
-o smtpd_client_connection_rate_limit=1000
-o content_filter=
submission inet n - n - - smtpd
-o smtpd_client_restrictions=$submission_client_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_sasl_auth_enable=yes
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_data_restrictions=
-o receive_override_options=no_header_body_checks
-o mynetworks=127.0.0.0/8,[::1]/128
-o content_filter=
-o smtpd_client_connection_rate_limit=1000
-o anvil_rate_time_unit=3600
Main:
submission_recipient_restrictions =
reject_rbl_client cbl.abuseat.org=127.0.0.[2..255]
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_mynetworks
permit_sasl_authenticated
reject
I've tried reordering a few of these but no go, tcpdump does not show any
attempts to the BL, the clients are definitely coming in on port 587 and
465, we don't allow smtp auth on 25 (tested), and the
smtpd_recipient_restrictions = contains same BL and
Open to suggestions,
Thanks
Nik
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
