Dear all,

I try to figure out why emails from unknown senders are not blocked by postfix configuration. In my main.cf I have the following:

smtpd_recipient_restrictions =
    permit_mx_backup,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    #reject_unauth_destination,
    check_relay_domains,
    check_client_access pcre:/etc/postfix/dspam_filter_access,
    permit

However, I constantly receive mails like the following:

Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers FILTER dspam:dspam; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034: client=unknown[92.48.195.40]
Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034: message-id=<[hidden email]>
Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034: from=<[hidden email]>, size=2710, nrcpt=1 (queue active)

The antispam is not catching the mail (that's another issue), but the question is why in the first place the mail was not denied?

Thank you,
Peter
* s91066 <[hidden email]>:
> Dear all,
> I try to figure out why emails from unknown senders are not blocked by
> postfix configuration. In my main.cf I have the following:
>
> smtpd_recipient_restrictions =
>     permit_mx_backup,
>     permit_mynetworks,
>     reject_non_fqdn_sender,
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     reject_rbl_client multihop.dsbl.org,
>     reject_rbl_client sbl-xbl.spamhaus.org,
>     reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client bl.spamcop.net,
>     #reject_unauth_destination,
>     check_relay_domains,
>     check_client_access pcre:/etc/postfix/dspam_filter_access,
>     permit
>
> However, I constantly receive mails like the following:
> Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers FILTER
> dspam:dspam; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> client=unknown[92.48.195.40]
> Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> message-id=<[hidden email]>
> Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> from=<[hidden email]>, size=2710, nrcpt=1 (queue
> active)
>
> The antispam is not catching the mail (that's another issue), but the question
> is why in the first place the mail was not denied?

Why SHOULD it be denied? Based on which criterion?

check_relay_domains returns permit or reject, thus nothing after
check_relay_domains is seen at all.

--
Ralf Hildebrandt ([hidden email]) [hidden email]
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
People, it's only email. There are other things in life (really). Have a break ... -- Wietse
> * s91066 <[hidden email]>:
> > Dear all,
> > I try to figure out why emails from unknown senders are not blocked by
> > postfix configuration. In my main.cf I have the following:
> >
> > smtpd_recipient_restrictions =
> >     permit_mx_backup,
> >     permit_mynetworks,
> >     reject_non_fqdn_sender,
> >     reject_non_fqdn_recipient,
> >     reject_unknown_recipient_domain,
> >     reject_unknown_sender_domain,
> >     reject_unknown_recipient_domain,
> >     reject_rbl_client multihop.dsbl.org,
> >     reject_rbl_client sbl-xbl.spamhaus.org,
> >     reject_rbl_client cbl.abuseat.org,
> >     reject_rbl_client bl.spamcop.net,
> >     #reject_unauth_destination,
> >     check_relay_domains,
> >     check_client_access pcre:/etc/postfix/dspam_filter_access,
> >     permit
> >
> > However, I constantly receive mails like the following:
> >
> > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> > unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers
> > FILTER dspam:dspam; from=<[hidden email]>
> > to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> > client=unknown[92.48.195.40]
> > Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> > message-id=<[hidden email]>
> > Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> > from=<[hidden email]>, size=2710, nrcpt=1 (queue
> > active)
> >
> > The antispam is not catching the mail (that's another issue), but the
> > question is why in the first place the mail was not denied?
>
> Why SHOULD it be denied? Based on which criterion?
>
> check_relay_domains returns permit or reject, thus nothing after
> check_relay_domains is seen at all.

Those criteria are on the bottom of the list. The sender's address is listed at spamhaus.org, thus it should not be permitted to even connect to postfix! So, one of the

reject_rbl_client multihop.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,

should block the sender!

By the way, I made a mistake in my initial email. The issue is not with the 'unknown senders' (another issue that I currently investigate) but with the rbl. My apologies.
* s91066 <[hidden email]>:
> > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> > > unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers
> > > FILTER dspam:dspam; from=<[hidden email]>
> > > to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> > > client=unknown[92.48.195.40]
> > > Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> > > message-id=<[hidden email]>
> > > Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> > > from=<[hidden email]>, size=2710, nrcpt=1 (queue
> > > active)
> > >
> > > The antispam is not catching the mail (that's another issue), but the
> > > question is why in the first place the mail was not denied?
> >
> > Why SHOULD it be denied? Based on which criterion?
> >
> > check_relay_domains returns permit or reject, thus nothing after
> > check_relay_domains is seen at all.
>
> Those criteria are on the bottom of the list. The sender's address is listed
> at spamhaus.org, thus it should not be permitted to even connect to postfix!
> So, one of the
> reject_rbl_client multihop.dsbl.org,

http://dsbl.org/ is down, just look at the page

> reject_rbl_client sbl-xbl.spamhaus.org,

Not listed:
http://www.spamhaus.org/query/bl?ip=92.48.195.40

> reject_rbl_client cbl.abuseat.org,

Not listed:
http://cbl.abuseat.org/lookup.cgi?ip=92.48.195.40&.submit=Lookup

> reject_rbl_client bl.spamcop.net, should block the sender!

Not listed:
http://www.spamcop.net/w3m?action=checkblock&ip=92.48.195.40

> By the way, I made a mistake in my initial email. The issue is not with
> the 'unknown senders' (another issue that I currently investigate) but with
> the rbl. My apologies.

There is no problem. The IP is not listed at all.

--
Ralf Hildebrandt ([hidden email]) [hidden email]
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
I was married by a judge. I should have asked for a jury. - Groucho Marx
Isn't the single zen list an acceptable catch-all currently?

zen.spamhaus.org

It includes all the SBL/XBL/PBL lists and the CBL list from abuseat.org too.

See also: http://stats.dnsbl.com/

--
Richard Foley
Ciao - shorter than aufwiedersehen
http://www.rfi.net/

On Tuesday 22 July 2008 10:54:44 Ralf Hildebrandt wrote:
> * s91066 <[hidden email]>:
>
> > > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: NOQUEUE: filter: RCPT from
> > > > unknown[92.48.195.40]: <unknown[92.48.195.40]>: Client host triggers
> > > > FILTER dspam:dspam; from=<[hidden email]>
> > > > to=<[hidden email]> proto=ESMTP helo=<alpha.oxywrz.com>
> > > > Jul 22 10:40:20 SERVER1 postfix/smtpd[26876]: D2DD45F08034:
> > > > client=unknown[92.48.195.40]
> > > > Jul 22 10:40:20 SERVER1 postfix/cleanup[26880]: D2DD45F08034:
> > > > message-id=<[hidden email]>
> > > > Jul 22 10:40:21 SERVER1 postfix/qmgr[6895]: D2DD45F08034:
> > > > from=<[hidden email]>, size=2710, nrcpt=1 (queue
> > > > active)
> > > >
> > > > The antispam is not catching the mail (that's another issue), but the
> > > > question is why in the first place the mail was not denied?
> > >
> > > Why SHOULD it be denied? Based on which criterion?
> > >
> > > check_relay_domains returns permit or reject, thus nothing after
> > > check_relay_domains is seen at all.
> >
> > Those criteria are on the bottom of the list. The sender's address is listed
> > at spamhaus.org, thus it should not be permitted to even connect to postfix!
> > So, one of the
> > reject_rbl_client multihop.dsbl.org,
>
> http://dsbl.org/ is down, just look at the page
>
> > reject_rbl_client sbl-xbl.spamhaus.org,
>
> Not listed:
> http://www.spamhaus.org/query/bl?ip=92.48.195.40
>
> > reject_rbl_client cbl.abuseat.org,
>
> Not listed:
> http://cbl.abuseat.org/lookup.cgi?ip=92.48.195.40&.submit=Lookup
>
> > reject_rbl_client bl.spamcop.net, should block the sender!
>
> Not listed:
> http://www.spamcop.net/w3m?action=checkblock&ip=92.48.195.40
>
> > By the way, I made a mistake in my initial email. The issue is not with
> > the 'unknown senders' (another issue that I currently investigate) but with
> > the rbl. My apologies.
>
> There is no problem. The IP is not listed at all.
>
> --
> Ralf Hildebrandt ([hidden email]) [hidden email]
> Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
> http://www.arschkrebs.de
> I was married by a judge. I should have asked for a jury. - Groucho Marx
* Richard Foley <[hidden email]>:
> Isn't the single zen list an acceptable catch-all currently?
>
> zen.spamhaus.org
>
> It includes all the SBL/XBL/PBL lists and the CBL list from abuseat.org too.

Yes, correct. But it still doesn't list 92.48.195.40 :)

--
Ralf Hildebrandt ([hidden email]) [hidden email]
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
God does not play dice. -- Einstein
Richard Foley wrote:
> Isn't the single zen list an acceptable catch-all currently?
>
> zen.spamhaus.org
>
> It includes all the SBL/XBL/PBL lists and the CBL list from abuseat.org too.

More precisely, the cbl is included in the xbl.

zen = pbl + sbl-xbl
sbl-xbl = sbl + xbl
xbl = cbl + njabl-proxy + ...

That said, one may want to query the cbl directly to reduce the number of queries to spamhaus or to get fresh responses (I don't know how long it takes to sync the xbl).
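
Added example (not part of the thread and not any poster's code): Python that builds the DNS name each reject_rbl_client entry looks up for a client IP, reports per zone whether the client is listed, and flags configured zones already contained in another one, using the composition given in the last reply. The function names and the INCLUDES table are assumptions of this example; njabl-proxy is left out because the thread gives no zone name for it.

```python
import ipaddress
import socket

# Zones from the posted main.cf; INCLUDES transcribes "zen = pbl + sbl-xbl,
# sbl-xbl = sbl + xbl, xbl = cbl + ..." from the last reply (assumed table).
PAGE_ZONES = ["multihop.dsbl.org", "sbl-xbl.spamhaus.org",
              "cbl.abuseat.org", "bl.spamcop.net"]
INCLUDES = {"zen.spamhaus.org": ["pbl.spamhaus.org", "sbl-xbl.spamhaus.org"],
            "sbl-xbl.spamhaus.org": ["sbl.spamhaus.org", "xbl.spamhaus.org"],
            "xbl.spamhaus.org": ["cbl.abuseat.org"]}

def dnsbl_query_name(ip, zone):
    """Name looked up for a client: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] if there are none; LookupError on a temporary failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:      # resolver could not get an answer
            raise LookupError(name) from exc
        return []                              # other errors: treated as no record
    return sorted({info[4][0] for info in infos})

def check_client(ip, zones, resolve=system_resolver):
    """Map each zone to 'listed <A records>', 'not listed' or 'lookup failed'."""
    status = {}
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
            status[zone] = "listed " + ",".join(answers) if answers else "not listed"
        except LookupError:
            status[zone] = "lookup failed"
    return status

def covered_by(zone):
    """Every zone transitively included in `zone` according to INCLUDES."""
    found, todo = set(), [zone]
    while todo:
        new = set(INCLUDES.get(todo.pop(), [])) - found
        found |= new
        todo.extend(new)
    return found

def redundant_zones(zones):
    """Configured zones whose listings another configured zone already contains."""
    return sorted(z for z in zones if any(z in covered_by(o) for o in zones if o != z))
```

Calling `check_client("92.48.195.40", PAGE_ZONES)` performs live DNS queries; pass a different `resolve` function to run it against canned answers. A zone reported as redundant may still be queried on purpose, for the reasons given in the last reply.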