On Mon, Apr 19, 2010 at 08:31:19AM -0400, donovan jeffrey j wrote:
> abuseat.org is working fine. I'm only having trouble with zen.
> Apr 19 08:29:12 mail2 postfix/smtpd[21642]: NOQUEUE: reject: RCPT
> from unknown[117.201.68.108]: 554 Service unavailable; Client host
> [117.201.68.108] blocked using cbl.abuseat.org; Blocked - see
> http://cbl.abuseat.org/lookup.cgi?ip=117.201.68.108;
> from=<du...@beth.k12.pa.us> to=<du...@beth.k12.pa.us> proto=ESMTP
Whilst it appears that the DNS problem has been sorted, I'm going to
suggest a different approach to this one.
> helo=<[117.201.69.50]>
>
> any ideas ?
The bracketed IP address is a valid HELO, commonly seen from your
authenticating clients. There is no reason why a real MTA should be
using such a HELO. I block these with a pcre: map.
!/[[:alpha:]]/ 502 5.5.4
We find that all-numeric EHLO/HELO greetings are usually
spam. If not, please ask your postmaster to correct the
server's EHLO/HELO greeting.
!/\./ 502 5.5.4
We find that non-qualified EHLO/HELO greetings are usually
spam. If not, please ask your postmaster to correct the
server's EHLO/HELO greeting.
This would fall under the first condition, "a helo which contains no
alpha characters." The second condition is my own reimplementation of
Postfix's built-in reject_non_fqdn_helo_hostname restriction.
Obviously these MUST NOT be applied to authenticating users, same as
with Zen. Precede this lookup with your permit_* restrictions for
relaying users (and move submission off of port 25, if applicable.)
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
