Hi,
I have had Postfix up and running for some time now and I've fine-tuned many of the config options, but I'm still getting the odd spammer through. The problem is that spammers who are on the various blacklists seem to be able to connect and send email, and are only caught/blocked when they trigger other checks, such as having no PTR record. Why is Postfix ignoring the blacklists?
my main.cf has these entries:
# Excerpt: client-stage DNSBL lookups against three IP-based blocklists.
# Postfix evaluates a restriction list in order and stops at the first rule
# that returns permit, reject or defer, so whether these lookups run depends
# on the rules that precede them in the full definition.
smtpd_client_restrictions =
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
and also:
# Excerpt: the same three DNSBL lookups repeated at the RCPT TO stage.
# As with every restriction list, an earlier rule that returns permit ends
# the list before these lines are evaluated.
smtpd_recipient_restrictions =
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
But many spammers on those lists have sent email through my server (provided they don't trigger any other blocking rule).
This is my main.cf:
# Host identity, local delivery and listener settings.
# NOTE(review): x.com / mail.x.com look like placeholders substituted by the poster.
mydomain = x.com
myhostname = mail.x.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# The origin domain is read from the file /etc/mailname.
myorigin = /etc/mailname
# Domains this server is the final destination for. permit_auth_destination
# returns permit for any recipient in these domains.
mydestination = localhost.$mydomain, $mydomain, $myhostname, localhost.com.au, localhost
# Only loopback addresses are trusted clients. The IPv6 entries should never
# match while inet_protocols is limited to ipv4.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
# Listen on every interface, IPv4 only.
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
# The SMTP greeting announces the MTA name and the distribution.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
# TLS for inbound SMTP.
# NOTE(review): the "snakeoil" pair is presumably the self-signed placeholder
# certificate created by the distribution; clients that verify certificates
# will not trust it. Confirm and replace with a certificate for myhostname.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Legacy switch for opportunistic TLS; current Postfix releases express the
# same thing as smtpd_tls_security_level = may.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Per-client limits enforced through the anvil service.
# connection_count_limit caps simultaneous connections; the *_rate_limit
# settings count events per anvil_rate_time_unit. This file sets that unit to
# 2s further down (the Postfix default is 60s), so "2" here means two events
# every two seconds, not two per minute.
smtpd_client_connection_count_limit = 2
smtpd_client_connection_rate_limit = 2
smtpd_client_message_rate_limit = 2
smtpd_client_recipient_rate_limit = 5
smtpd_client_new_tls_session_rate_limit = 2
# Relay control: local networks and SASL-authenticated users may relay.
# Anything else addressed to a domain this server is not responsible for
# gets a temporary (4xx) error rather than a permanent reject.
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
# Time window for the smtpd_client_*_rate_limit counters (default 60s).
# A 2s window makes those limits far looser than the same numbers per minute.
anvil_rate_time_unit = 2s
# Repeats a setting made earlier in this file with the same value. When a
# parameter appears more than once, Postfix uses the last occurrence.
smtpd_client_message_rate_limit = 2
# Clients must send HELO/EHLO before MAIL FROM, so the HELO checks always
# have a name to test.
smtpd_helo_required = yes
# HELO/EHLO checks, skipped for local networks and authenticated users.
# NOTE(review): reject_rhsbl_helo looks up the HELO *hostname* in a
# domain-based list. bl.spamcop.net, zen.spamhaus.org and cbl.abuseat.org list
# client IP addresses, so those three lookups are not expected to match.
# Only dbl.spamhaus.org is a domain list. IP lists belong in reject_rbl_client.
# The trailing "permit" ends this list only; the other smtpd_*_restrictions
# lists are still evaluated afterwards.
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_rhsbl_helo bl.spamcop.net,
reject_rhsbl_helo zen.spamhaus.org,
reject_rhsbl_helo cbl.abuseat.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
permit
# Sender-stage checks, skipped for local networks and authenticated users.
# The client and recipient lists in this file return permit at
# permit_auth_destination for local recipients. For inbound mail, rejections
# therefore come from this list and the HELO list. That matches the report
# that spammers are only stopped by checks such as a missing PTR record
# (reject_unknown_reverse_client_hostname).
# reject_unknown_client_hostname is the stricter variant: it also requires
# the PTR name to resolve back to the client address, which some legitimate
# senders fail.
# NOTE(review): reject_unverified_sender makes Postfix probe the sender's mail
# server for every new address. Confirm that this probe traffic is acceptable.
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_unknown_sender_domain,
reject_unverified_sender,
permit
# Client restrictions, evaluated in order. The first rule that returns
# permit, reject or defer ends the list.
# NOTE(review): permit_auth_destination sits above the reject_rbl_client
# rules. It returns permit whenever the recipient domain is one this server
# is the destination or relay for (mydestination, virtual_alias_domains,
# relay_domains, ...), which covers every inbound message to local users.
# The DNSBL lookups and all rules after them are then never reached for
# inbound mail. They only run for foreign recipient domains, which
# reject_unauth_destination refuses anyway. Dropping permit_auth_destination
# from this list, while keeping permit_mynetworks and
# permit_sasl_authenticated first, lets the blocklists take effect.
# The recipient is visible at this stage only because smtpd_delay_reject
# defaults to yes, which postpones client checks until RCPT TO.
# reject_invalid_hostname is the pre-2.3 name of reject_invalid_helo_hostname
# and reject_rhsbl_helo dbl.spamhaus.org is listed twice; the repeats are harmless.
# NOTE(review): permit_dnswl_client exempts listed clients from everything
# below it. Confirm swl.spamhaus.org is still published and trusted.
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
permit_auth_destination,
permit_dnswl_client swl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
reject_unverified_recipient,
permit
# Recipient restrictions, evaluated in order. The first rule that returns
# permit, reject or defer ends the list.
# NOTE(review): as in the client list, permit_auth_destination comes before
# the reject_rbl_client rules. For any recipient in a domain this server
# handles it returns permit, so the DNSBL, RHSBL and hostname checks below it
# are skipped for inbound mail. Removing permit_auth_destination here (relay
# control is already handled by smtpd_relay_restrictions) makes the rules
# below it apply to inbound mail.
# NOTE(review): once the lookups are reachable, test a known-listed address
# with a manual DNS query from this host. DNSBL operators may not answer
# queries that arrive through large public resolvers. TODO confirm the
# resolver this server uses.
# NOTE(review): reject_unverified_recipient probes the next hop for each new
# recipient address. Confirm that this is intended for locally delivered domains.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
permit_auth_destination,
permit_dnswl_client swl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
reject_unknown_reverse_client_hostname,
reject_rhsbl_helo dbl.spamhaus.org,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
reject_unverified_recipient,
permit
# Pause inserted between outbound deliveries to the same destination.
default_destination_rate_delay = 3s
# Disables the VRFY command so it cannot be used to test which addresses exist.
disable_vrfy_command = yes
# Require RFC 821 style envelope addresses in MAIL FROM and RCPT TO.
strict_rfc821_envelopes = yes
# Value redacted by the poster. Domains listed here also count as destinations
# for which permit_auth_destination returns permit.
virtual_alias_domains = ......
virtual_alias_maps = hash:/etc/postfix/virtual