[PLUG] Postfix whitelist?
Steven Raymond
stever at woo-hoo.com
Sat Jun 7 20:52:01 UTC 2003
Funny note, I could not even _send_ this email to PLUG outbound through my
mail server because it contained the phrase "You are receiving this email
because you..." is blocked by the body_checks file. I had to temporarily
disable it for the mail to be relayed.
Doesn't that sound like I have a real misconfiguration somewhere? I did
not think that anything in mynetworks was subject to the spam filters on
outgoing mail, just inbound from the world.
Thanks
> Well, I still haven't been able to get this to work. Here's what my
> main.cf looks like:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> check_client_access hash:/etc/postfix/badip,
> check_client_access hash:/etc/postfix/badaddr,
> check_sender_access hash:/etc/postfix/badaddr,
> check_recipient_access hash:/etc/postfix/access,
> reject_maps_rbl,
> reject_unknown_sender_domain,
> reject_unauth_pipelining,
> reject_unknown_recipient_domain,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_non_fqdn_hostname,
> reject_unknown_sender_domain,
> reject_unknown_hostname,
> check_relay_domains
>
> body_checks = regexp:/etc/postfix/body_checks
> header_checks = regexp:/etc/postfix/header_checks
>
> smtpd_client_restrictions =
> permit_mynetworks,
> reject_maps_rbl,
> check_client_access hash:/etc/postfix/access,
> permitsmtpd_helo_required = yes
> smtpd_helo_restrictions =
> permit_mynetworks,
> reject_maps_rbl,
> check_helo_access hash:/etc/postfix/access,
> reject_non_fqdn_hostname,
> reject_unknown_sender_domain,
> reject_unknown_hostname,
> reject_invalid_hostname,
> permit
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> reject_maps_rbl,
> check_sender_access hash:/etc/postfix/access,
> reject_non_fqdn_hostname,
> reject_invalid_hostname,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unknown_hostname,
> permit
>
> Here's the /etc/postfix/badip and badaddr files (and I did run 'postmap
> badip' then 'postmap badaddr' which generates the .db files)
> [root at sparky postfix]# cat badip
> 12.129.211.145 OK
> [root at sparky postfix]# cat badaddr
> ipowerweb.com OK
>
> Still get a rejection like below:
> Jun 7 20:24:16 sparky postfix/smtpd[19754]: connect from
> host45.ipowerweb.com[12.129.211.145]
> Jun 7 20:24:16 sparky postfix/smtpd[19754]: 956E87E80E8:
> client=host45.ipowerweb.com[12.129.211.145]
> Jun 7 20:24:17 sparky postfix/cleanup[19755]: 956E87E80E8:
> message-id=<E19OqnT-000662-00 at host45.ipowerweb.com>
> Jun 7 20:24:17 sparky postfix/cleanup[19755]: 956E87E80E8: reject: body
> You are receiving this email because you have (or someone pretending to
> be you has) requested a new password be sent for your account on
> ClubCivic.com. If you did not request this email then please ig;
> from=<nobody at host45.ipowerweb.com> to=<clubcivic at woo-hoo.com>: Message
> content rejected
> Jun 7 20:24:22 sparky postfix/smtpd[19754]: disconnect from
> host45.ipowerweb.com[12.129.211.145]
>
> I presume that the "Message content rejected" is due to the body_checks
> filters. Is it something easy I'm screwing up, like the order of
> appearance of the filter checks in main.cf? I've done a 'service
> postfix restart' in between each change- that should get it to reload
> main.cf I'm sure.
>
> Any other ideas? This is driving me nuts!
>
> Thanks
>
>
>> On Tue, 27 May 2003, Steven Raymond wrote:
>>
>>> What does your entry in main.cf look like which refers to the
>>> "badaddr|badip" files?
>>
>> smtpd_recipient_restrictions =
>> permit_mynetworks,
>> reject_unauth_destination,
>> check_client_access hash:/etc/postfix/badip,
>> check_client_access hash:/etc/postfix/badaddr,
>> check_helo_access hash:/etc/postfix/helo_checks,
>> check_sender_access hash:/etc/postfix/badaddr,
>> check_recipient_access hash:/etc/postfix/recipients,
>> reject_rbl_client relays.ordb.org,
>> reject_rbl_client china.blackholes.us,
>> reject_rbl_client taiwan.blackholes.us,
>> reject_rbl_client japan.blackholes.us,
>> reject_rbl_client korea.blackholes.us,
>> reject_rbl_client n-i-g-e-r-i-a.blackholes.us, // without the
>> hyphens! reject_rbl_client argentina.blackholes.us,
>> reject_rbl_client brazil.blackholes.us,
>> reject_rbl_client thailand.blackholes.us,
>> reject_rbl_client russia.blackholes.us,
>> reject_rbl_client bl.spamcop.net,
>> reject_rbl_client list.dsbl.org,
>> reject_rhsbl_sender dsn.rfc-ignorant.org
> ...
>>> Do you also use header_checks and body_checks files?
>>
>> Yup! Sure do. Right after the above I have:
>>
>> header_checks = regexp:/etc/postfix/header_checks
>> body_checks = regexp:/etc/postfix/body_checks
>>
>> HTH,
>>
>> Rich
>
>
>
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
More information about the PLUG
mailing list