Why is this mail accepted?

> Dear all,
> I try to figure out why emails from unknown senders are not blocked by
> postfix configuration. In my main.cf I have the following:
>
> smtpd_recipient_restrictions =
> permit_mx_backup,
> permit_mynetworks,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_rbl_client multihop.dsbl.org,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client bl.spamcop.net,
> #reject_unauth_destination,
> check_relay_domains,
> check_client_access pcre:/etc/postfix/dspam_filter_access,
> permit
>
> However, I constantly receive mails like the following:

> Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers FILTER
> dspam:dspam; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> client=unknown[92.48.195.40]
> Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> message-id=<[hidden email]>
> Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> from=<[hidden email]>, size=2710, nrcpt=1 (queue
> active)
>
> The antispam is not catching the mail (that's another issue), but the question
> is why on the first place the mail was not denied?

> * s91066 <[hidden email]>:
> > Dear all,
> > I try to figure out why emails from unknown senders are not blocked by
> > postfix configuration. In my main.cf I have the following:
> >
> > smtpd_recipient_restrictions =
> > permit_mx_backup,
> > permit_mynetworks,
> > reject_non_fqdn_sender,
> > reject_non_fqdn_recipient,
> > reject_unknown_recipient_domain,
> > reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,
> > reject_rbl_client multihop.dsbl.org,
> > reject_rbl_client sbl-xbl.spamhaus.org,
> > reject_rbl_client cbl.abuseat.org,
> > reject_rbl_client bl.spamcop.net,
> > #reject_unauth_destination,
> > check_relay_domains,
> > check_client_access pcre:/etc/postfix/dspam_filter_access,
> > permit
> >
> > However, I constantly receive mails like the following:
> >
> > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> > unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers
> > FILTER dspam:dspam; from=<[hidden email]>
> > to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> > client=unknown[92.48.195.40]
> > Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> > message-id=<[hidden email]>
> > Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> > from=<[hidden email]>, size=2710, nrcpt=1 (queue
> > active)
> >
> > The antispam is not catching the mail (that's another issue), but the
> > question is why on the first place the mail was not denied?
>
> Why SHOULD it be denied? Based on which criterion?
>
> check_relay_domains returns permit or reject, thus nothing after
> check_relay_domains is seen at all.

> > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> > > unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers
> > > FILTER dspam:dspam; from=<[hidden email]>
> > > to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> > > client=unknown[92.48.195.40]
> > > Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> > > message-id=<[hidden email]>
> > > Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> > > from=<[hidden email]>, size=2710, nrcpt=1 (queue
> > > active)
> > >
> > > The antispam is not catching the mail (that's another issue), but the
> > > question is why on the first place the mail was not denied?
> >
> > Why SHOULD it be denied? Based on which criterion?
> >
> > check_relay_domains returns permit or reject, thus nothing after
> > check_relay_domains is seen at all.
>
> Those criteria are on the bottom of the list. The sender's address is listed
> at spamhaus.org, thus it should not be permitted to even connect to postfix!
> So, one of the
> the reject_rbl_client multihop.dsbl.org,

> > > > active)
> > > >
> > > > The antispam is not catching the mail (that's another issue), but the
> > > > question is why on the first place the mail was not denied?
> > >
> > > Why SHOULD it be denied? Based on which criterion?
> > >
> > > check_relay_domains returns permit or reject, thus nothing after
> > > check_relay_domains is seen at all.
> >
> > Those criteria are on the bottom of the list. The sender's address is

> > So, one of the
> > the reject_rbl_client multihop.dsbl.org,
>
> http://dsbl.org/ is down, just look at the page
>
> > reject_rbl_client sbl-xbl.spamhaus.org,
>
> Not listed:
> http://www.spamhaus.org/query/bl?ip=92.48.195.40
>
> > reject_rbl_client cbl.abuseat.org,
>
> Not listed:
> http://cbl.abuseat.org/lookup.cgi?ip=92.48.195.40&.submit=Lookup
>
> > reject_rbl_client bl.spamcop.net, should block the sender!
>
> Not listed:
> http://www.spamcop.net/w3m?action=checkblock&ip=92.48.195.40
>
> > By the way, I have a mistake on my initial email. The issue is not with
> > the 'unknown senders' (another issue that I currently investigate) but

> > the rbl. My apologies.
>
> There is no problem. The IP is not listed at all.
>
> --
> Ralf Hildebrandt ([hidden email])          [hidden email]
> Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
> http://www.arschkrebs.de
> I was married by a judge. I should have asked for a jury. - Groucho Marx
>