Here is my personal MX MSA on single Linux box.
/etc/postfix/ is null
/etc/postfix-msa/ is the mail submission agent on port 587 and smpts on port
465
/etc/postfix-mx/ is the mail exchanger on port 25
/etc/postfix/main.cf:
# Mail Submission Agent (MSA)
# Mail Exchanger (MX)
One of my favorite anti spam measures is auto add repeat RBL hits, no PTR
hits, etc. to system firewall.
Here are a few entire network permanent firewall blocks for example as well.
ARIN--Level3-Sendlabs-DynDNS.org___-CIDR[63.209.253.224/27]
Which makes their domain an easy target for block lists.
http://www.spamhaus.org/query/dbl?domain=takeprettypictures.net
--
From: mouss mo...@ml.netoyen.net
Sent: Sunday, September 26, 2010 1:38 PM
To: postfix-users@postfix.org
Subject: Re: SPF
.*
--
From: Patrick Lists postfix-l...@puzzled.xs4all.nl
Sent: Monday, August 30, 2010 2:34 PM
To: postfix-users@postfix.org
Subject: Regexp for blocking dynamic hosts?
Hi,
I got a lot of spam lately from dynamic hosts so gradually I have been
With smtpd_delay_reject = yes
Which of the restriction sections was the following logged rejection for?
Or put another way, in which of the restriction sections was the rejection
option reject_rbl_client pbl.spamhaus.org that resulted in the logged
rejection?
Restriction Options:
When using the smtpd_delay_reject = yes option, all log messages indicate
RCPT stage rejection. e.g. ... NOQUEUE: reject: RCPT from ...; regardless of
which type of restriction an option is listed under.
For instance a rejection based on the following will indicate RCPT rather than
CONNECT as
Yes it does cause a problem.
It does not indicate the stage the rejection is associated with (CONNECT,
HELO, FROM, RCPT, etc.).
--
From: Noel Jones njo...@megan.vbhcs.org
Sent: Tuesday, August 10, 2010 1:27 PM
To: postfix-users@postfix.org
Technically correct yet totally useless. You would be perfect Microsoft
employee.
(lookup the joke about helicopter pilot and Microsoft)
--
From: Ralf Hildebrandt ralf.hildebra...@charite.de
Sent: Tuesday, August 10, 2010 1:23 PM
To:
http://www.openspf.org/
--
From: donovan jeffrey j dono...@beth.k12.pa.us
Sent: Sunday, August 08, 2010 10:48 AM
To: Postfix users postfix-users@postfix.org
Subject: need help with forged To and From
greetings
this weekend I have been hit with a
Very aware spammers can create their own domains and and SPF records. They
can do essentially the same thing with any anti spam measures. And I have
see a number of them do just that, an SPF record of entire IPv4 address
space (0.0.0.0/0). But guess what, everyone of them has been in an
That is what I thought. You really don't have an objection or case to back
it up so reveal your true nature by attacking with personal criticism
rather than sticking to the subject matter and making your case.
--
From: John R. Dennison
Those who wish to make use of it can do so.
From: Jeroen Geilman
Sent: Saturday, July 03, 2010 11:46 AM
To: postfix-users@postfix.org
Subject: Re: Postfix.org SPF
On 07/03/2010 08:45 PM, junkyardma...@verizon.net wrote:
How about publishing an SPF record for postfix.org.
This would
Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.
--
From: Sahil Tandon sa...@freebsd.org
Sent: Saturday, July 03, 2010 11:53 AM
To: postfix-users@postfix.org
Subject:
What is stupid is to be so opposed to anti spam tools that have no
significant downside.
Makes one wonder about true motives.
--
From: Matt Hayes domin...@slackadelic.com
Sent: Sunday, July 04, 2010 7:29 PM
To: postfix-users@postfix.org
Subject:
US financial services industry group endorses SPF, so most banks, credit
unions, brokerages, etc. publish an SPF record.
MAAWG: At the very least, senders should incorporate SPF records for their
mailing domains.
Austrailan DoD Recommends SPF
Google.com, GoogleMail.com, Gmail.com,
My original post was regarding postfix. But you and others who seemed more
interested in taking it off topic to squelch the request for postfix.org to
publish an SPF record.
I oblige the challenge and then you all start complain about thread being
off topic. Well it wouldn't be off topic if
How about publishing an SPF record for postfix.org.
This would work well:
v=spf1 mx include:cloud9.net ~all
http://openspf.org/
http://old.openspf.org/wizard.html?mydomain=Postfix.org
Have you verified your MTA's are not on a Black/Block list? Maybe
draxlerinsurance.com has firewalled you off. I know I would.
http://www.mxtoolbox.com/blacklists.aspx
[r...@vps1 ~]# telnet 67.227.17.37 25
Trying 67.227.17.37...
Connected to 67.227.17.37.
Escape character is '^]'.
220
Oh and here is another thought.
Go back to the very first failure occurrence for draxlerinsurance.com and
see what the cause of that very first rejection was.
--
From: junkyardma...@verizon.net
Sent: Saturday, July 03, 2010 7:42 PM
To: Asai
Already have a home grown log scrapper dynamically managing (add/remove)
firewall rules and love the results.
Not only have bad behaving bots disappeared but there seems to be fewer spam
attempts for unique clients as well. Leaving log files much less cluttered
and much smaller. When I say
Is it possible to execute a system command upon the following smtpd client
restriction rejections?
smtpd_client_restrictions =
reject_rbl_client zen.spamhaus.org,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
Would like to automate insertion of client IP address into
21 matches
Mail list logo