Thank you for your answer!

Effectively, I changed my:
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031 defer
to
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031, permit

And when I try to send mail it works!

But when I try to send more than 10 mails, I still can. Here is what I
can see in my cbpolicyd.log:

[2011/08/30-11:07:42 - 8277] [POLICIES] DEBUG: END RESULT: prio=0 =>
policy ids: 1
[2011/08/30-11:07:42 - 8277] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {
          '0' => [
                   '1'
                 ]
        };
[2011/08/30-11:07:42 - 8277] [TRACKING] DEBUG: Request translated into
session data: $VAR1 = {
          'Recipient' => '[email protected]',
          'SASLUsername' => '',
          'QueueID' => '',
          'RecipientData' => '',
          'Instance' => '211d.4e5ca85e.6bb58.0',
          'EncryptionCipher' => '',
          'Size' => '362',
          'EncryptionKeySize' => '0',
          'ParsedClientAddress' => {
                                     'Broadcast_Long' => 3232279125,
                                     'Network' => '192.168.170.85',
                                     'IP_Long' => 3232279125,
                                     'Broadcast' => '192.168.170.85',
                                     'IP' => '192.168.170.85',
                                     'Mask_Long' => 4294967295,
                                     'Network_Long' => 3232279125
                                   },
          'ProtocolTransport' => 'Postfix',
          'EncryptionProtocol' => '',
          'Helo' => '[192.168.170.85]',
          'ClientAddress' => '192.168.170.85',
          'ClientName' => 'unknown',
          'Sender' => '[email protected]',
          'SASLSender' => '',
          'Timestamp' => 1314695262,
          'ProtocolState' => 'RCPT',
          'Policy' => {
                        '0' => [
                                 '1'
                               ]
                      },
          'Protocol' => 'ESMTP',
          'ClientReverseName' => 'unknown',
          'SASLMethod' => ''
        };
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Got request, running modules...
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Running module:
HELO/EHLO Check Plugin
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Running module:
Greylisting Plugin
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2011/08/30-11:07:42 - 8277] [CBPOLICYD] DEBUG: Done with modules
[2011/08/30-11:08:12 - 8234] [CORE] INFO: Killing "1" children
[2011/08/30-11:08:12 - 8277] [CBPOLICYD] DEBUG: Shutting down caching
engine (8277)

And in my mail.log:

Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: connection established
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: master_notify: status 0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: name_mask: resource
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: name_mask: software
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: connect from
unknown[192.168.170.85]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
unknown: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
192.168.170.85: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
unknown: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
192.168.170.85: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 220 testing-puppet.net4all.ch ESMTP Postfix
(Debian/GNU)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: <
unknown[192.168.170.85]: EHLO [192.168.170.85]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-testing-puppet.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-PIPELINING
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-SIZE 10240000
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-VRFY
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-ETRN
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
unknown: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
192.168.170.85: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-STARTTLS
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-ENHANCEDSTATUSCODES
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250-8BITMIME
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250 DSN
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: <
unknown[192.168.170.85]: MAIL FROM:<[email protected]> SIZE=362
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: extract_addr:
input: <[email protected]>
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: smtpd_check_addr:
[email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: ctable_locate:
leave existing entry key [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: extract_addr: in:
<[email protected]>, result: [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: fsspace: .: block
size 4096, blocks free 4426487
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: smtpd_check_queue:
blocks 4096 avail 4426487 min_free 0 msg_size_limit 10240000
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250 2.1.0 Ok
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: <
unknown[192.168.170.85]: RCPT TO:<[email protected]>
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: extract_addr:
input: <[email protected]>
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: smtpd_check_addr:
[email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: ctable_locate:
leave existing entry key [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: extract_addr: in:
<[email protected]>, result: [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >>> START Sender
address RESTRICTIONS <<<
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks:
name=check_policy_service
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: trying... [127.0.0.1]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: auto_clnt_open:
connected to 127.0.0.1:10031
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr request
= smtpd_access_policy
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
protocol_state = RCPT
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
protocol_name = ESMTP
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
client_address = 192.168.170.85
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
client_name = unknown
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
reverse_client_name = unknown
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
helo_name = [192.168.170.85]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr sender =
[email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
recipient = [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
recipient_count = 0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr queue_id =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr instance
= 211d.4e5ca85e.6bb58.0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr size = 362
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr etrn_domain =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr stress =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr sasl_method =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr sasl_username =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr sasl_sender =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr ccert_subject =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr ccert_issuer =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
ccert_fingerprint =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
encryption_protocol =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
encryption_cipher =
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr
encryption_keysize = 0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: 127.0.0.1:10031:
wanted attribute: action
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: action
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute value: DUNNO
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: 127.0.0.1:10031:
wanted attribute: (list terminator)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: (end)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]:
check_table_result: inet:127.0.0.1:10031 DUNNO policy query
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks:
name=check_policy_service status=0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=permit
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks:
name=permit status=1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >>> START
Recipient address RESTRICTIONS <<<
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks:
name=permit_mynetworks
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: permit_mynetworks:
unknown 192.168.170.85
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks:
name=permit_mynetworks status=1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >>> CHECKING
RECIPIENT MAPS <<<
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: ctable_locate:
leave existing entry key [email protected]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
recipient_canonical_maps: [email protected]: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? testing-puppet.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
gmail.com: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
recipient_canonical_maps: @gmail.com: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: mail_addr_find:
[email protected] -> (not found)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
canonical_maps: [email protected]: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? testing-puppet.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
gmail.com: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
canonical_maps: @gmail.com: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: mail_addr_find:
[email protected] -> (not found)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
virtual_alias_maps: [email protected]: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? testing-puppet.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost.net4all.ch
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_string:
gmail.com ~? localhost
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_list_match:
gmail.com: no match
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: maps_find:
virtual_alias_maps: @gmail.com: not found
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: mail_addr_find:
[email protected] -> (not found)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]:
smtpd_check_rewrite: trying: permit_inet_interfaces
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]:
permit_inet_interfaces: unknown 192.168.170.85
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: before
input_transp_cleanup: cleanup flags = enable_header_body_filter
enable_automatic_bcc enable_address_mapping enable_milters
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: after
input_transp_cleanup: cleanup flags = enable_header_body_filter
enable_automatic_bcc enable_address_mapping
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: connect to
subsystem public/cleanup
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: public/cleanup
socket: wanted attribute: queue_id
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute
name: queue_id
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute
value: 87362240C1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: public/cleanup
socket: wanted attribute: (list terminator)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: (end)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: send attr flags = 178
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: 87362240C1:
client=unknown[192.168.170.85]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250 2.1.5 Ok
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: <
unknown[192.168.170.85]: DATA
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 354 End data with <CR><LF>.<CR><LF>
Aug 30 11:07:42 testing-puppet postfix/cleanup[8482]: 87362240C1:
message-id=<[email protected]>
Aug 30 11:07:42 testing-puppet postfix/qmgr[8476]: 87362240C1:
from=<[email protected]>, size=555, nrcpt=1 (queue active)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: public/cleanup
socket: wanted attribute: status
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: status
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute value: 0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: public/cleanup
socket: wanted attribute: reason
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: reason
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute value: (end)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: public/cleanup
socket: wanted attribute: (list terminator)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: (end)
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 250 2.0.0 Ok: queued as 87362240C1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: <
unknown[192.168.170.85]: QUIT
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >
unknown[192.168.170.85]: 221 2.0.0 Bye
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 127.0.0.0/8
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::ffff:127.0.0.0]/104
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? [::1]/128
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostname:
unknown ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: match_hostaddr:
192.168.170.85 ~? 192.168.170.0/24
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: disconnect from
unknown[192.168.170.85]
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: master_notify: status 1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: connection closed
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: auto_clnt_close:
disconnect 127.0.0.1:10031 stream
Aug 30 11:07:43 testing-puppet postfix/smtp[8483]: 87362240C1:
to=<[email protected]>,
relay=gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=0.72,
delays=0.2/0/0.18/0.34, dsn=2.0.0, status=sent (250 2.0.0 OK
1314695263 a7si4618920een.101)
Aug 30 11:07:43 testing-puppet postfix/qmgr[8476]: 87362240C1: removed

What do you think? Are my rules wrong? Or did I miss something in
the configuration of Postfix/Policyd?

BTW, thank you for the advice about spam.

Roland


2011/8/30 Simon Hobson <[email protected]>:
> Roland Vogt wrote:
>
>>I'm using Cluebringer with Postfix and I have some troubles. When I
>>try to send a mail from Thunderbird, I get this error : "Sender
>>address rejected, try again later".
>
>
>
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: 127.0.0.1:10031:
>>wanted attribute: action
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: input attribute
>>name: action
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: input attribute
>>value: DUNNO
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: 127.0.0.1:10031:
>>wanted attribute: (list terminator)
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: input attribute
>>name: (end)
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]:
>>check_table_result: inet:127.0.0.1:10031 DUNNO policy query
>
> OK, so this bit says the policy server said "DUNNO", so Postfix then
> moves on to the next check :
>
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: generic_checks:
>>name=check_policy_service status=0
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: generic_checks: name=defer
>
> And the next check said defer, so that's what Postfix said to the client :
>
>>Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: NOQUEUE: reject:
>>RCPT from unknown[192.168.170.85]: 450 4.3.2 <[email protected]>:
>>Sender address rejected: Try again later; from=<[email protected]>
>>to=<[email protected]> proto=ESMTP helo=<[192.168.170.85]>
>
>
>
>>[main.cf]
>>  ...
>>smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031 defer
>>#smtpd_recipient_restrictions = check_policy_service
>>inet:192.186.254.242:10031 defer
>>#smtpd_end_of_data_restrictions = check_policy_service
>>inet:192.168.254.242:10031 defer
>
> Both these checks say that if a previous check doesn't explicitly say
> yes, then defer the mail. Cluebringer only says "no" (reject or
> defer), or "dunno" which means "it passes my checks, see what else
> you've got". If it said "yes" then it would make it far less flexible
> as it would mean you couldn't have any other useful checks after the
> call to Cluebringer.
>
> I'd strongly recommend you put a bit more in your sender and client
> checks. There are a few simple things you can add that will help a
> lot with spam.
>
>
> FYI, here's an extract from my main.cf. I'll leave you to look up
> what each check is doing (http://www.postfix.org/postconf.5.html) -
> ones that help enormously with spam are:
>   reject_non_fqdn_hostname,
>   reject_invalid_hostname,
> smtpd_helo_required = yes
> These require the client to send a "HELO" or "EHLO" command, and
> reject clients that don't supply a valid FQDN - but don't be tempted
> to try doing a DNS lookup (reject_unknown_helo_hostname) on it to
> verify as that creates no end of false positives.
>
>   reject_unauth_pipelining,
> Then many spammers ignore some protocol niceties and just spew data
> at us, so we reject them.
>
>   check_helo_access hash:/etc/postfix/helo_access,
> This one lets us have a black/whitelist of things that can be in the
> HELO field, and contains things like :
> <our FQDN>      500 Error validating hostname, connection rejected.
> <our IP address>        500 Error validating hostname, connection rejected.
> As I've found a lot of spammers will just use our hostname or address
> in their HELO command.
>
> Then notice that all of the restrictions sections end with "permit".
> Pretty well all the checks are negative only - ie they can say no,
> but don't say yes (only "dunno"). I think permit is inferred, but I'm
> one for explicit outcomes.
> So, each check has a chance to say no - in which case the mail is
> rejected; otherwise it says dunno and Postfix falls through to the
> next step.
>
> # Requirements for the HELO statement
> smtpd_helo_restrictions =
>   check_client_access cidr:/etc/postfix/host_access,
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   check_helo_access hash:/etc/postfix/helo_access,
>   reject_non_fqdn_hostname,
>   reject_invalid_hostname,
>   permit
>
> # Requirements for the sender details
> smtpd_sender_restrictions =
>   check_client_access cidr:/etc/postfix/host_access,
>   permit_mynetworks,
>   hash:/etc/postfix/access,
>   permit_sasl_authenticated,
>   reject_non_fqdn_sender,
>   reject_unknown_sender_domain,
>   permit
>
> ## Requirements for the connecting server
> smtpd_client_restrictions =
>   permit_mynetworks,
>   check_client_access cidr:/etc/postfix/blacklist,
>   permit
>
> # Requirement for the recipient address
> smtpd_recipient_restrictions =
>   permit_mynetworks,
>   reject_unauth_pipelining,
>   check_client_access cidr:/etc/postfix/host_access,
>   check_policy_service inet:<some IP>:10031,
>   permit_sasl_authenticated,
>   reject_non_fqdn_recipient,
>   reject_unknown_recipient_domain,
>   reject_unlisted_recipient,
>   reject_unauth_destination,
>   reject_rbl_client zen.spamhaus.org,
>   permit
>
>
> smtpd_end_of_data_restrictions =
>   check_policy_service inet:<some IP>:10031,
>   permit
>
>
> ## require proper helo at connections
> smtpd_helo_required = yes
> ## waste spammers time before rejecting them
> smtpd_delay_reject = yes
> disable_vrfy_command = yes
>
> --
> Simon Hobson
>
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users
>
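
An added example (not part of the original messages, nor Postfix or Cluebringer code): a small Python parser for smtpd debug lines in the format quoted in this thread, reporting what action the policy service returned and which restriction actually decided each restriction class. The sample log is constructed from the thread's line formats with a placeholder address, and the reading of `status=0` as "no decision" and `status=1` as "permit" is an assumption taken from how those values appear in these logs.

```python
import re

# Constructed sample in the format of the smtpd debug lines quoted in this thread
# (lines unwrapped, address replaced by a placeholder).
SAMPLE_LOG = """\
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: >>> START Sender address RESTRICTIONS <<<
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: generic_checks: name=check_policy_service
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: input attribute name: action
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: input attribute value: DUNNO
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: generic_checks: name=check_policy_service status=0
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: generic_checks: name=defer
Aug 30 09:18:34 testing-puppet postfix/smtpd[7331]: NOQUEUE: reject: RCPT from unknown[192.168.170.85]: 450 4.3.2 <user@example.org>: Sender address rejected: Try again later
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >>> START Sender address RESTRICTIONS <<<
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=check_policy_service
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: action
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute value: DUNNO
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=check_policy_service status=0
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=permit
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=permit status=1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: >>> START Recipient address RESTRICTIONS <<<
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=permit_mynetworks
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: generic_checks: name=permit_mynetworks status=1
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute name: queue_id
Aug 30 11:07:42 testing-puppet postfix/smtpd[8477]: input attribute value: 87362240C1
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
START = re.compile(r">>> START (.+?) RESTRICTIONS <<<")
CHECK = re.compile(r"generic_checks: name=(\S+)(?: status=(\d+))?$")
ATTR = re.compile(r"input attribute (name|value): (.*)$")
REJECT = re.compile(r"NOQUEUE: reject: \S+ from \S+: (\d{3}) ")
# Assumption: meaning of the status values as they appear in the thread's logs.
STATUS = {"0": "no decision", "1": "permit"}

def trace_restrictions(log_text):
    """Return {smtpd pid: {"policy_actions": [...], "steps": [(class, name, outcome)]}}."""
    sessions = {}
    for raw in log_text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue
        pid, msg = line.groups()
        s = sessions.setdefault(pid, {"policy_actions": [], "steps": [],
                                      "cls": None, "running": None, "attr": None})
        if (m := START.search(msg)):
            s["cls"] = m.group(1)
        elif (m := CHECK.search(msg)):
            name, status = m.groups()
            if status is None:
                s["running"] = name          # restriction started, no result yet
            else:
                s["steps"].append((s["cls"], name, STATUS.get(status, "status=" + status)))
                s["running"] = None
        elif (m := ATTR.search(msg)):
            kind, value = m.groups()
            if kind == "name":
                s["attr"] = value
            elif s["attr"] == "action":      # skip queue_id, status, reason values
                s["policy_actions"].append(value)
        elif (m := REJECT.search(msg)) and s["running"]:
            # A reject logged while a restriction is running is that restriction's verdict.
            s["steps"].append((s["cls"], s["running"], "reject " + m.group(1)))
            s["running"] = None
    return sessions

def deciding_restriction(session, cls):
    """First restriction in class `cls` that did more than fall through, or None."""
    return next(((n, o) for c, n, o in session["steps"]
                 if c == cls and o != "no decision"), None)
```

On the sample, both sessions show the policy service answering `DUNNO`; the sender class is decided by `defer` in session 7331 and by `permit` in session 8477.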