[PLUG] postfix configuration

Russ Johnson russj at dimstar.net
Tue Aug 30 22:20:06 UTC 2005 

OK, I'm confused...

That's not unusual, but I thought I had my postfix UCE setup pretty well 
understood.

I have the following entries in /etc/postfix/main.cf:

smtpd_client_restrictions = hash:/etc/postfix/access,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client blackhole.securitysage.com,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client china.blackholes.us,
        reject_rbl_client taiwan.blackholes.us,
        reject_rbl_client japan.blackholes.us,
        reject_rbl_client korea.blackholes.us,
        reject_rbl_client nigeria.blackholes.us,
        reject_rbl_client argentina.blackholes.us,
        reject_rbl_client brazil.blackholes.us,
        reject_rbl_client thailand.blackholes.us,
        reject_rbl_client russia.blackholes.us

#smtpd_sender_restrictions = 
reject_unknown_sender_domain,reject_non_fqdn_sender
,reject_maps_rbl
smtpd_sender_restrictions = reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client blackhole.securitysage.com,
        reject_rbl_client cbl.abuseat.org
maps_rbl_reject_code = 571

---8<--cut here

Both client restrictions and sender restrictions list cbl.abuseat.org.

How come I'm still getting mail from folks listed at cbl.abuseat.org?

I've received three UCE in the last 6 hours from the same IP, and each 
time, I forward it to spamcop, and it tells me that the source of the 
mail is listed in cbl.abuseat.org and that it's an open relay.

It's not like my setup isn't working. Postfix is rejecting over 50% of 
the attempted email deliveries per day. I look through the output of 
postfixlogsum daily, and see hundreds of rejections, including many that 
are rejected using cbl.abuseat.org..

So I'm really confused now.

Any ideas out there?

Russ

More information about the PLUG mailing list