[PLUG] Postfix whitelist?

Steven Raymond stever at woo-hoo.com
Sat Jun 7 20:52:01 UTC 2003 

Funny note, I could not even _send_ this email to PLUG outbound through my
mail server because it contained the phrase "You are receiving this email
because you..." is blocked by the body_checks file.  I had to temporarily
disable it for the mail to be relayed.
Doesn't that sound like I have a real misconfiguration somewhere?  I did
not think that anything in mynetworks was subject to the spam filters on
outgoing mail, just inbound from the world.
Thanks


> Well, I still haven't been able to get this to work.  Here's what my
> main.cf looks like:
>
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         check_client_access hash:/etc/postfix/badip,
>         check_client_access hash:/etc/postfix/badaddr,
>         check_sender_access hash:/etc/postfix/badaddr,
>         check_recipient_access hash:/etc/postfix/access,
>         reject_maps_rbl,
>         reject_unknown_sender_domain,
>         reject_unauth_pipelining,
>         reject_unknown_recipient_domain,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_non_fqdn_hostname,
>         reject_unknown_sender_domain,
>         reject_unknown_hostname,
>         check_relay_domains
>
> body_checks = regexp:/etc/postfix/body_checks
> header_checks = regexp:/etc/postfix/header_checks
>
> smtpd_client_restrictions =
>         permit_mynetworks,
>         reject_maps_rbl,
>         check_client_access hash:/etc/postfix/access,
>         permitsmtpd_helo_required = yes
> smtpd_helo_restrictions =
>         permit_mynetworks,
>         reject_maps_rbl,
>         check_helo_access hash:/etc/postfix/access,
>         reject_non_fqdn_hostname,
>         reject_unknown_sender_domain,
>         reject_unknown_hostname,
>         reject_invalid_hostname,
>         permit
>
> smtpd_sender_restrictions =
>         permit_mynetworks,
>         reject_maps_rbl,
>         check_sender_access hash:/etc/postfix/access,
>         reject_non_fqdn_hostname,
>         reject_invalid_hostname,
>         reject_non_fqdn_sender,
>         reject_unknown_sender_domain,
>         reject_unknown_hostname,
>         permit
>
> Here's the /etc/postfix/badip and badaddr files (and I did run 'postmap
> badip' then 'postmap badaddr' which generates the .db files)
> [root at sparky postfix]# cat badip
> 12.129.211.145                  OK
> [root at sparky postfix]# cat badaddr
> ipowerweb.com                   OK
>
> Still get a rejection like below:
> Jun  7 20:24:16 sparky postfix/smtpd[19754]: connect from
> host45.ipowerweb.com[12.129.211.145]
> Jun  7 20:24:16 sparky postfix/smtpd[19754]: 956E87E80E8:
> client=host45.ipowerweb.com[12.129.211.145]
> Jun  7 20:24:17 sparky postfix/cleanup[19755]: 956E87E80E8:
> message-id=<E19OqnT-000662-00 at host45.ipowerweb.com>
> Jun  7 20:24:17 sparky postfix/cleanup[19755]: 956E87E80E8: reject: body
> You are receiving this email because you have (or someone pretending to
> be you has) requested a new password be sent for your account on
> ClubCivic.com. If you did not request this email then please ig;
> from=<nobody at host45.ipowerweb.com> to=<clubcivic at woo-hoo.com>: Message
> content rejected
> Jun  7 20:24:22 sparky postfix/smtpd[19754]: disconnect from
> host45.ipowerweb.com[12.129.211.145]
>
> I presume that the "Message content rejected" is due to the body_checks
> filters.  Is it something easy I'm screwing up, like the order of
> appearance of the filter checks in main.cf?  I've done a 'service
> postfix restart' in between each change- that should get it to reload
> main.cf I'm sure.
>
> Any other ideas?  This is driving me nuts!
>
> Thanks
>
>
>> On Tue, 27 May 2003, Steven Raymond wrote:
>>
>>> What does your entry in main.cf look like which refers to the
>>> "badaddr|badip" files?
>>
>> smtpd_recipient_restrictions =
>>         permit_mynetworks,
>>         reject_unauth_destination,
>>         check_client_access hash:/etc/postfix/badip,
>>         check_client_access hash:/etc/postfix/badaddr,
>>         check_helo_access hash:/etc/postfix/helo_checks,
>>         check_sender_access hash:/etc/postfix/badaddr,
>>         check_recipient_access hash:/etc/postfix/recipients,
>>         reject_rbl_client relays.ordb.org,
>>         reject_rbl_client china.blackholes.us,
>>         reject_rbl_client taiwan.blackholes.us,
>>         reject_rbl_client japan.blackholes.us,
>>         reject_rbl_client korea.blackholes.us,
>>         reject_rbl_client n-i-g-e-r-i-a.blackholes.us, // without the
>> hyphens! reject_rbl_client argentina.blackholes.us,
>>         reject_rbl_client brazil.blackholes.us,
>>         reject_rbl_client thailand.blackholes.us,
>>         reject_rbl_client russia.blackholes.us,
>>         reject_rbl_client bl.spamcop.net,
>>         reject_rbl_client list.dsbl.org,
>>         reject_rhsbl_sender    dsn.rfc-ignorant.org
> ...
>>> Do you also use header_checks and body_checks files?
>>
>>   Yup! Sure do. Right after the above I have:
>>
>> header_checks = regexp:/etc/postfix/header_checks
>> body_checks = regexp:/etc/postfix/body_checks
>>
>> HTH,
>>
>> Rich
>
>
>
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

More information about the PLUG mailing list