On Tue, Apr 26, 2011 at 6:16 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> On 4/26/2011 3:00 AM, Fire walls wrote:
>
>> I have been reading Postfix manuals and info from the Internet.
>>
>> I'm running a spam server with FreeBSD 8.2 + Postfix 2.8.x,
>> single domain.
>>
>> Internet -->spam server--> mail server -->Internal Network.
>>
>> The gateway is working, but I am still making changes to block
>> most of the spam that touches my server. I'm working right now
>> just with Postfix, later I will continue with clamais,amavis,sa.
>>
>> Now, I want to use the smtpd_recipient_restrictions ->
>> reject_rbl_client blackholes.
>>
>> I want to enable zen spamhaus org
>>
>> But once I reload or restart Postfix, the function of this
>> feature is to check if the from is in the list, right?
>>
>> smtpd_recipient_restrictions =
>>     permit_mynetworks,
>>     reject_unauth_destination,
>>     reject_non_fqdn_hostname,
>>     reject_non_fqdn_sender,
>>     reject_non_fqdn_recipient,
>>     reject_invalid_hostname,
>>     reject_non_fqdn_helo_hostname,
>>     reject_unknown_sender_domain,
>>     reject_unknown_recipient_domain,
>>     check_recipient_access
>>         pcre:/usr/local/etc/postfix/recipient_checks.pcre,
>>     check_helo_access
>>         hash:/usr/local/etc/postfix/helo_checks,
>>     check_sender_access
>>         hash:/usr/local/etc/postfix/sender_checks,
>>     check_client_access
>>         hash:/usr/local/etc/postfix/client_checks,
>>     reject_rbl_client zen spamhaus org,
>>
>
> It must have periods in it,
>
>     reject_rbl_client zen.spamhaus.org
>
> Without the periods it will create an error in your maillog. If there is no
> error, then either this isn't the config you're really using, or one of your
> earlier rules is returning OK or permit.
>

My settings have periods, I just removed them from here, sorry:

    reject_rbl_client zen.spamhaus.org
    check_policy_service inet:192.168.40.5:10023

>>     check_policy_service inet:192 168 40 5:10023,
>>
>
> Does this policy service work as expected? It doesn't have any periods in
> the IP address and should also generate an error.
>

Yes, works.

>>     permit
>>
>> But my log doesn't show any info about when Postfix checks
>> spamhaus, my fw won't show any blocks.
>>
>
> Next time show us "postconf -n" output rather than random snippings.
>
> Enable query logging in your DNS server to see if spamhaus.org lookups are
> being performed.
>

If I test the domain in my DNS server, it resolves without issue.

    dig spamhaus.org

>> Next, for a gateway spam server, the _rbl_client is better to
>> be in the smtpd_recipients_restrictions?
>>
>
> Most people put it in smtpd_recipient_restrictions, just after
> reject_unauth_destination and an optional check_client_access whitelist.
>
>
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     reject_unauth_destination
>     # uncomment next line if you need a client whitelist
>     # check_client_access cidr:/etc/postfix/client_whitelist.cidr
>
>     reject_rbl_client zen.spamhaus.org
>     ... other local restrictions ...
>
>
> where the optional client_whitelist contains IPs of clients you want mail
> from that might otherwise be rejected by zen (or other local rules).
>
>
>   -- Noel Jones
>

I want to add that I can receive mails from known outside users and they
pass all the rules, but I never see my server check spamhaus.org, or my
default log level won't show them?

Peter, I will remove some checks, I have a lot.

Thanks!!!

-- 
:-)
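
Added example, not part of the original thread: reject_rbl_client looks up the connecting client's IP address (not the From address) as a DNS A query with the octets reversed under the list's zone, which is a different query from `dig spamhaus.org`. The shell functions below build that query name and interpret the answer; the function names are hypothetical, and 127.0.0.2 is the conventional DNSBL test entry (RFC 5782).

```shell
#!/bin/sh
# Added example, not from the thread. Zone name is the one discussed above;
# function names are made up for this sketch.

# dnsbl_qname IPV4 ZONE: print the name a DNSBL lookup resolves for a client
# IP: octets reversed, zone appended (192.0.2.99 -> 99.2.0.192.ZONE).
dnsbl_qname() {
    ip=$1 zone=$2
    # Digits and single dots only, so "192 168 40 5" is rejected.
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_classify ANSWER: interpret the first A record from `dig +short`.
dnsbl_classify() {
    case $1 in
        '')            echo not-listed ;;  # NXDOMAIN, empty dig output
        127.255.255.*) echo error ;;       # Spamhaus error code, not a listing
        127.*)         echo listed ;;
        *)             echo unexpected ;;
    esac
}

# dnsbl_check IPV4 [ZONE]: do the lookup (needs dig and network access).
# Run it on the gateway so it uses the same resolver as Postfix.
dnsbl_check() {
    qname=$(dnsbl_qname "$1" "${2:-zen.spamhaus.org}") || {
        echo "invalid IPv4 address: $1" >&2
        return 2
    }
    answer=$(dig +short A "$qname" | head -n 1)
    echo "$qname -> $(dnsbl_classify "$answer") $answer"
}

# 127.0.0.2 is the conventional DNSBL test entry (RFC 5782):
#   dnsbl_check 127.0.0.2
```

If `dnsbl_check 127.0.0.2` run on the gateway does not report `listed`, the DNSBL queries themselves are failing at the resolver, independent of where reject_rbl_client sits in the restriction list.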