Petre Bandac wrote:
salut
am vazut ca pe aici sunt cativa doctori in postfix
am urmatoarea problema:
2 servere, fiecare este secondary mx ptr celalalt; vreau sa faca relay
unul ptr celalalt si sa foloseasca si rbl-urile
daca pun permit_mx_backup la inceput, nu mai ajunge la partea de rbl;
daca il pun unde este acum, nu face relay ptr domeniile care sunt
secondary mx
care este explicatia ?
multumesc,
petre
smtpd_recipient_restrictions =
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
permit_mynetworks,
check_client_access hash:/etc/postfix/pop-before-smtp,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client list.dsbl.org
reject_rbl_client relays.ordb.org
reject_rbl_client opm.blitzed.org
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client sbl.spamhaus.org
reject_unauth_destination,
reject_unknown_recipient_domain,
permit_mx_backup,
reject
Incearca fara "," intre randuri, conform documentatiei de pe
postfix.org. De exemplu:
smtpd_recipient_restrictions =
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
permit_mynetworks
check_client_access hash:/etc/postfix/pop-before-smtp
reject_unauth_pipelining
reject_invalid_hostname
reject_non_fqdn_hostname
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client list.dsbl.org
reject_rbl_client relays.ordb.org
reject_rbl_client opm.blitzed.org
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client sbl.spamhaus.org
reject_unauth_destination
reject_unknown_recipient_domain
permit_mx_backup
reject
In configuratia pe care ai trimis-o tu, pe alocuri foloseai virgula, pe
alocuri nu. Probabil ai facut copy-paste la portiunea de reject_rbl de
undeva. In orice caz, nu folosi virgula. Da un "postfix check" dupa.
De asemenea ai grija sa nu ai spatiu inaintea lui
smtpd_recipient_restrictions.
Ai verificat cumva daca secondary mx IP este in vreuna din
blacklist-urile RBL? Sau daca respecta restrictiile pe care le-ai impus
mai sus?
Pentru a deveni relay catre un domeniu (deci secondary MX backup), e
suficient sa adaugi domeniul in:
relay_domains = $mydestination,domain1.ro,domain2.ro
si postfix se descurca cu delivery-ul. E recomandat sa adaugi si o ruta
SMTP directa catre serverul cu pricina, eventual fara MX lookup. Vezi
man 5 transport, spre final.
Pe de alta parte, daca nu ma insel, reject_rbl_client se foloseste la
categoria smtpd_client_restrictions, si nu la recipient_restrictions,
intrucat recipientul e una, si clientul e alta. Recipientul e "envelopa"
destinatie (adresa RFC2821 a uneia din destinatii, intrucat sunt
transmise individual sub forma de lista de recipienti), iar prin client
se intelege in cazul RBL adresa de IP a clientului care initiaza un
dialog SMTP/ESMTP.
Client mai poate sa insemne si alte atribute legate de expeditor, dar
aici e vorba de adresa IP a clientului.
Deci pune fiecare la locul potrivit si va fi ok. :)
Scuze daca am imbarligat explicatiile, sunt varza de somn.
Cheers,
--
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA
"It is dangerous to be right when the government is wrong." - Voltaire
________________________________________________________
To unsubscribe send a mail to [EMAIL PROTECTED]
