> On 1/22/2011 1:20 AM, Condor wrote: >> >>> On 1/21/2011 5:08 PM, Condor wrote: >>>> >>>> Hello, >>>> i have postfix 2.7.2 and i have problem with restrictions. I setup >>>> smtpd_recipient_restrictions here is my main.cf config file: >>>> >>>> >>> >>> Your RBL list is a mess. Several of the lists you are >>> querying are dead -- securitysage, wirehub, easynet, dsbl.org, >>> maybe others. You should use zen.spamhaus.org rather than the >>> other spamhaus lists. >>> You need to carefully review your RBLs once in a while and >>> make sure they are still active and doing what you expect. >>> >>> >>>> >>>> After i create file i do: >>>> postmap hash:/etc/postfix/recipient_checks.pcre >>> >>> There is no need to postmap a pcre file. >>> >>>> >>>> and postfix reload / restart (few times) >>> >>> If it didn't work once, it probably won't work the next time. >>> >>>> >>>> and i still can send email from yahoo to nobody on my server. Also i >>>> see >>>> that spam ip-s that is blocked on bl.spamcop.net for example still can >>>> send me email. That rule reject_rbl_client bl.spamcop.net does not >>>> block >>>> them. Any one can help and tell me where is my mistake ? >>>> >>>> >>> >>> Does postconf smtpd_recipient_restrictions show the the same >>> as what you've posted above? >>> >> >> Yes, i did not post it because i posted in previous email but here is it >> again: >> >> # postconf smtpd_recipient_restrictions >> >> smtpd_recipient_restrictions = permit_mynetworks, >> permit_sasl_authenticated, reject_unauth_destination, >> check_helo_access >> hash:/etc/postfix/helo_checks, check_sender_access >> hash:/etc/postfix/helo_checks, check_recipient_access >> pcre:/etc/postfix/recipient_checks.pcre, reject_invalid_hostname, >> reject_unauth_pipelining, reject_non_fqdn_sender, >> reject_unknown_sender_domain, reject_non_fqdn_recipient, >> reject_unknown_recipient_domain, reject_unlisted_sender, >> reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender >> dbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client >> b.barracudacentral.org, reject_rbl_client cbl.abuseat.org, >> reject_rbl_client dyna.spamrats.com, reject_rbl_client bl.spamcop.net, >> reject_rbl_client zen.spamhaus.org, reject_rbl_client opm.blitzed.org, >> reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, >> reject_rbl_client db.wpbl.info, permit >> >> >> I change my rbl lists and will see did they work, but this >> check_recipient_access pcre:/etc/postfix/recipient_checks.pcre still >> does >> not work. I change my file as you tell me: >> /^@/ REJECT 550 Invalid address format. >> /[!%@].*@/ REJECT 550 This server disallows weird address syntax. >> /^postmaster@/ OK >> /^hostmaster@/ OK >> /^abuse@/ OK >> /^nobody@/ REJECT 550 User is unknow. >> >> Reload postfix configuration once and after that i still can receive >> email >> to nobody mailbox. >> I can't find why isn't work. Any advice what i can do ? I change to >> check_recipient_access to hash:/etc/postix/block that contain >> nob...@my-domain.com REJECT Go away postmap and reload but again does >> not >> work. Server just pass the mail to nobody. >> > > How are you testing it? Show postfix logging of unwanted mail > being accepted. > > > -- Noel Jones >
Here is the log file sent from my yahoo account, i replace yahoo.com with yahoo-mail.com to did not receive spam from bots.. Jan 22 16:59:59 www postfix/smtpd[21535]: connect from web36803.mail.mud.yahoo.com[209.191.85.54] Jan 22 16:59:59 www dkimproxy.in[31073]: connect from 127.0.0.1 Jan 22 16:59:59 www dkimproxy.out[8864]: connect from 127.0.0.1 Jan 22 16:59:59 www postfix/smtpd[21539]: connect from localhost[127.0.0.1] Jan 22 16:59:59 www postfix/smtpd[21535]: NOQUEUE: client=web36803.mail.mud.yahoo.com[209.191.85.54] Jan 22 16:59:59 www postfix/smtpd[21539]: BBF49104E5C: client=localhost[127.0.0.1] Jan 22 17:00:00 www dkimproxy.in[31073]: DKIM verify - pass; message-id=<120241.54679...@web36803.mail.mud.yahoo.com>, signer=<con...@yahoo-mail.com>, from=<con...@yahoo-mail.com> Jan 22 17:00:00 www dkimproxy.out[8864]: DKIM signing - skipped; message-id=<120241.54679...@web36803.mail.mud.yahoo.com>, from=<con...@yahoo-mail.com> Jan 22 17:00:00 www postfix/cleanup[21540]: BBF49104E5C: message-id=<120241.54679...@web36803.mail.mud.yahoo.com> Jan 22 17:00:00 www postfix/qmgr[11730]: BBF49104E5C: from=<con...@yahoo-mail.com>, size=2111, nrcpt=1 (queue active) Jan 22 17:00:00 www postfix/smtpd[21535]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as BBF49104E5C; from=<con...@yahoo-mail.com> to=<nob...@my-domain.com> proto=SMTP helo=<web36803.mail.mud.yahoo.com> Jan 22 17:00:00 www spamd[1613]: spamd: connection from localhost [127.0.0.1] at port 39319 Jan 22 17:00:00 www spamd[1613]: spamd: handle_user unable to find user: 'nob...@stz-bg.com' Jan 22 17:00:00 www spamd[1613]: spamd: processing message <120241.54679...@web36803.mail.mud.yahoo.com> for nob...@my-domain.com:1002 Jan 22 17:00:01 www spamd[1613]: Use of uninitialized value in lc at /usr/lib/perl5/site_perl/5.12.2/Mail/SpamAssassin/Plugin/MIMEEval.pm line 501, <GEN467> line 40. Jan 22 17:00:01 www postfix/smtpd[21535]: disconnect from web36803.mail.mud.yahoo.com[209.191.85.54] Jan 22 17:00:09 www spamd[1613]: spamd: clean message (-0.1/5.0) for nob...@my-domain.com:1002 in 9.1 seconds, 2143 bytes. Jan 22 17:00:09 www spamd[1613]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL scantime=9.1,size=2143,user=nob...@my-domain.com,uid=1002,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=39319,mid=<120241.54679...@web36803.mail.mud.yahoo.com>,autolearn=ham Jan 22 17:00:10 www dovecot: lda(nob...@my-domain.com): sieve: msgid=<120241.54679...@web36803.mail.mud.yahoo.com>: stored mail into mailbox 'INBOX' Jan 22 17:00:10 www postfix/pipe[21541]: BBF49104E5C: to=<nob...@my-domain.com>, relay=dovecot, delay=10, delays=1.1/0.01/0/9.2, dsn=2.0.0, status=sent (delivered via dovecot service) Jan 22 17:00:10 www postfix/qmgr[11730]: BBF49104E5C: removed Jan 22 17:00:10 www spamd[1609]: prefork: child states: II -- Regards, Condor
