postfix-users April 2010 archive

Re: Why was this message rejected by postfix

From: Noel Jones <njones_at_nospam>
Date: Wed Apr 21 2010 - 20:33:36 GMT
To: postfix-users@postfix.org

On 4/21/2010 3:04 PM, Russell Horn wrote:
> Hi,
>
> I believed I had the whole facebook IP block covered by
> /etc/postfix/access by adding the line:
>
> 69.63.176.0/20 OK
>
> And recreating the hash file.

cidr: syntax is not supported in hash: files. You can list
the first three octets to simulate a /24 or you can list
each IP individually.

> paddington:~ # postconf -n
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> $virtual_mailbox_maps

$virtual_mailbox_maps should not be included in
local_recipient_maps. This implies you have a
virtual_mailbox_domain listed in mydestination; don't do that.

> maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
> bl.spamcop.net, blackholes.easynet.nl

The easynet.nl blacklists have been retired for years. Most
people have moved from sbl.spamhaus.org to zen.spamhaus.org.
mail-abuse.org is a subscription-only service.

RBLs are not a set-and-forget item.

Anyway, maps_rbl_domains is a deprecated syntax. You should
be using "reject_rbl_client rbl.example.com" in your
smtpd_*_restrictions instead.

[...]

You should probably set relay_domains empty if you're not
using any relay_domains.

relay_domains =

> smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl

Deprecated syntax. This should be
smtpd_client_restrictions =
   check_client_access hash:/etc/postfix/access
   reject_rbl_client zen.spamhaus.org
   reject_rbl_client bl.spamcop.net

> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_client_access
> hash:/etc/postfix/access, reject_unauth_destination

Open relay warning! Any client listed with OK in your access
file has relay access.

To fix this, move reject_unauth_destination BEFORE
check_client_access.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger

> hash:/etc/postfix/block,

Using a hash: file without check_{something}_access statement
is deprecated syntax. Use:
    check_recipient_access hash:/etc/postfix/block

> reject_non_fqdn_hostname,
> reject_non_fqdn_sender, reject_non_fqdn_recipient,
> reject_invalid_hostname, reject_unknown_sender_domain,
> reject_unknown_client, check_relay_domains

check_relay_domains is deprecated (and doesn't do any good
here at the end of your restrictions). Remove it.

   -- Noel Jones
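
Added example, not part of the original message or of Postfix itself: a small audit of an smtpd_recipient_restrictions value that flags the two problems the reply describes, a check_*_access lookup placed before reject_unauth_destination and the deprecated entries. The function name and finding labels are hypothetical, and the input is assumed to be the value as printed by postconf -n.

```python
import re

# Restriction names the reply above calls deprecated.
DEPRECATED = {"reject_maps_rbl", "check_relay_domains"}
ACCESS_CHECK = re.compile(r"^check_\w+_access$")   # takes a table argument
BARE_MAP = re.compile(r"^[a-z]+:\S+$")             # type:table with no check_*_access

def audit_recipient_restrictions(value):
    """Return (index, entry, finding) tuples for one restriction list value."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    findings = []
    guarded = False  # True once reject_unauth_destination has been reached
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "reject_unauth_destination":
            guarded = True
        elif ACCESS_CHECK.match(tok):
            table = tokens[i + 1] if i + 1 < len(tokens) else "<missing table>"
            if not guarded:  # an OK result permits before the relay check runs
                findings.append((i, f"{tok} {table}", "open-relay-risk"))
            i += 1  # skip the table argument
        elif BARE_MAP.match(tok):
            findings.append((i, tok, "deprecated-bare-map"))
        elif tok in DEPRECATED:
            findings.append((i, tok, "deprecated"))
        i += 1
    return findings

# Reassembled from the quoted postconf -n fragments in the message above.
AS_POSTED = """permit_mynetworks, permit_sasl_authenticated,
 check_client_access hash:/etc/postfix/access, reject_unauth_destination,
 hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
 reject_non_fqdn_recipient, reject_invalid_hostname,
 reject_unknown_sender_domain, reject_unknown_client, check_relay_domains"""

# Constructed: the same list with the reply's corrections applied.
CORRECTED = """permit_mynetworks, permit_sasl_authenticated,
 reject_unauth_destination,
 check_client_access hash:/etc/postfix/access,
 check_recipient_access hash:/etc/postfix/block,
 reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,
 reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_client"""

if __name__ == "__main__":
    for name, value in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name)
        for finding in audit_recipient_restrictions(value):
            print("  ", finding)
```

On Postfix 2.10 and later, relay policy can also be set in smtpd_relay_restrictions, which this sketch does not inspect.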