Re: Why was this message rejected by postfix

Wed, 21 Apr 2010 13:34:14 -0700 

On 4/21/2010 3:04 PM, Russell Horn wrote:

Hi,

I believed I had the whole facebook IP block covered by
/etc/postfix/access by adding the line:

69.63.176.0/20 OK

And recreating the has file.
cidr: syntax is not supported in hash: files. You can list the first three octects to simulate a /24 or your can list each IP individually. 



paddington:~ # postconf -n
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
$virtual_mailbox_maps
$virtual_mailbox_maps should not be included in local_recipient_maps. This implies you have a virtual_mailbox_domain listed in mydestination; don't do that. 


maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
bl.spamcop.net, blackholes.easynet.nl
The easynet.nl blacklists have been retired for years. Most people have moved from sbl.spamhaus.org to zen.spamhaus.org. 
mail-abuse.org is a subscription-only service.

RBLs are not a set-and-forget item.
Anyway, maps_rbl_domains is a deprecated syntax. You should be using "reject_rbl_client rbl.example.com" in your smtpd_*_restrictions instead. 

[...]
You should probably set relay_domains empty if you're not using any relay_domains 

relay_domains =


smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl


Deprecated syntax. This should be
smtpd_client_restrictions =
  check_client_access hash:/etc/postfix/access
  reject_rbl_client zen.spamhaus.org
  reject_rbl_client bl.spamcop.net


smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access
hash:/etc/postfix/access, reject_unauth_destination
Open relay warning! Any client listed with OK in your access file has relay access.
To fix this, move reject_unauth_destination BEFORE check_client_access. 
http://www.postfix.org/SMTPD_ACCESS_README.html#danger


hash:/etc/postfix/block,
Using a hash: file without check_{something}_access statement is deprecated syntax. Use: 
   check_recipient_access hash:/etc/postfix/block


reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_invalid_hostname, reject_unknown_sender_domain,
reject_unknown_client, check_relay_domains
check_relay_domains is deprecated (and doesn't do any good here at the end of your restrictions). Remove it. 


  -- Noel Jones

Reply via email to