On 4/21/2010 3:04 PM, Russell Horn wrote:
Hi,
I believed I had the whole facebook IP block covered by
/etc/postfix/access by adding the line:
69.63.176.0/20 OK
And recreating the has file.
cidr: syntax is not supported in hash: files. You can list
the first three octects to simulate a /24 or your can list
each IP individually.
paddington:~ # postconf -n
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
$virtual_mailbox_maps
$virtual_mailbox_maps should not be included in
local_recipient_maps. This implies you have a
virtual_mailbox_domain listed in mydestination; don't do that.
maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
bl.spamcop.net, blackholes.easynet.nl
The easynet.nl blacklists have been retired for years. Most
people have moved from sbl.spamhaus.org to zen.spamhaus.org.
mail-abuse.org is a subscription-only service.
RBLs are not a set-and-forget item.
Anyway, maps_rbl_domains is a deprecated syntax. You should
be using "reject_rbl_client rbl.example.com" in your
smtpd_*_restrictions instead.
[...]
You should probably set relay_domains empty if you're not
using any relay_domains
relay_domains =
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
Deprecated syntax. This should be
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/access
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access
hash:/etc/postfix/access, reject_unauth_destination
Open relay warning! Any client listed with OK in your access
file has relay access.
To fix this, move reject_unauth_destination BEFORE
check_client_access.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
hash:/etc/postfix/block,
Using a hash: file without check_{something}_access statement
is deprecated syntax. Use:
check_recipient_access hash:/etc/postfix/block
reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_invalid_hostname, reject_unknown_sender_domain,
reject_unknown_client, check_relay_domains
check_relay_domains is deprecated (and doesn't do any good
here at the end of your restrictions). Remove it.
-- Noel Jones