Bugs item #1435490, was opened at 2006-02-20 23:19
Message generated for change (Settings changed) made by xedo
You can respond by visiting:
https://sourcefo
rge.net/tracker/?func=detail&atid=725139&aid=1435490
&group_id=132104
Please note that this message will contain a full copy of
the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Packages
Group: None
>Status: Closed
Resolution: Fixed
Priority: 5
Submitted By: Raphael Lechner (xedo)
Assigned to: Raphael Lechner (xedo)
Summary: SMTP RBL for IP Addresses not works
Initial Comment:
Blacklistet IP Addresses are not blocked.
This should be fixed now.
------------------------------------------------------------
----------
Comment By: Peter Warasin (peter-endian)
Date: 2006-03-29 01:30
Message:
Logged In: YES
user_id=1159983
the reason is that reject_rhsbl_client does only filter host
names, reject_rbl_client does lookups for ip addresses.
this has been fixed in our source trunk
can't provide a fresh rpm, because it has dependencies :/
------------------------------------------------------------
----------
Comment By: Dayne Lucas (dayne)
Date: 2006-02-21 17:06
Message:
Logged In: YES
user_id=1391124
Dear Raphael,
I installed the latest patch, and after the update, changes
made to advanced settings such as smtp hard error limit do
not effect the RBL lists. So that is fixed. Here is my
main.cf:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = $myhostname
myorigin = $mydomain
syslog_facility = mail
syslog_name = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =
unknown_local_recipient_reject_code = 550
relay_domains = hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/transport
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
alias_maps = hash:/etc/aliases
manpage_directory = /usr/share/man/
content_filter = smtp-amavis:[127.0.0.1]:10024
default_transport = smtp
smtpd_tls_cert_file = /etc/httpd/server.crt
smtpd_tls_key_file = /etc/httpd/server.key
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtp_use_tls = yes
smtp_enforce_tls = no
message_size_limit = 10240000
smtpd_helo_required = yes
smtpd_hard_error_limit = 5
smtpd_client_restrictions = check_client_access
btree:/etc/postfix/client_rules,reject_rhsbl_client
bl.spamcop.net,reject_rhsbl_client
sbl-xbl.spamhaus.org,reject_rhsbl_client
cbl.abuseat.org,reject_rhsbl_client
dul.dnsbl.sorbs.net,reject_rhsbl_client
list.dsbl.org,reject_rhsbl_client
relays.ordb.org,reject_rhsbl_client
opm.blitzed.org,reject_rhsbl_client dsn.rfc-ignorant.org
smtpd_sender_restrictions = check_sender_access
btree:/etc/postfix/sender_rules,reject_rhsbl_sender
bl.spamcop.net,reject_rhsbl_sender
sbl-xbl.spamhaus.org,reject_rhsbl_sender
cbl.abuseat.org,reject_rhsbl_sender
dul.dnsbl.sorbs.net,reject_rhsbl_sender
list.dsbl.org,reject_rhsbl_sender
relays.ordb.org,reject_rhsbl_sender
opm.blitzed.org,reject_rhsbl_sender
dsn.rfc-ignorant.org,reject_invalid_hostname,reject_non_fqdn
_sender,reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_de
stination,check_recipient_access
btree:/etc/postfix/recipient_rules,reject_non_fqdn_recipient
,reject_unknown_recipient_domain,check_policy_service
inet:127.0.0.1:10026, permit
mynetworks = 127.0.0.0/8,172.19.7.0/24,192.168.2.0/24
------------------------------------------------------------
----------
Comment By: Raphael Lechner (xedo)
Date: 2006-02-21 11:41
Message:
Logged In: YES
user_id=202863
Dear Dayne,
OK.I hope the issue with overwrite settings is now
fixed(efw-smtpscan-1.1.36).
Can you please post your /etc/postfix/main.cf or send me a
mail.
Thank you.
Best regards,
Raphael L. aka xed0
------------------------------------------------------------
----------
Comment By: Dayne Lucas (dayne)
Date: 2006-02-21 01:51
Message:
Logged In: YES
user_id=1391124
Dear Xed0,
Thanks for the quick response. However after applying both
patches and rebooting the firewall, it is still not
rejecting connections from servers listed in any of the
rbl's. For instance:
postfix/smtpd[5593]: warning: 209.66.67.200: address not
listed for hostname m00.natlamm.com
Feb 20 19:42:36 postfix/smtpd[5593]: connect from
unknown[209.66.67.200]
Feb 20 19:42:38 postfix/smtpd[5593]: NOQUEUE: reject: RCPT
from unknown[209.66.67.200]: 450 : Recipient address
rejected: Greylisted for 300 seconds (see
http://isg.ee.ethz.ch/tools/postgrey/help/fums.org.html);
from= to= proto=SMTP helo=
209.66.67.200 is listed in spamhaus.org database and I have
all of the RBL lookups enabled. Also changing the hard error
limit and hitting save, causes all of the RBL servers that
were selected in Blacklist/Whitelist to become disabled.
Best regards,
Dayne
------------------------------------------------------------
----------
You can respond by visiting:
https://sourcefo
rge.net/tracker/?func=detail&atid=725139&aid=1435490
&group_id=132104
_______________________________________________
Efw-devel mailing list
Efw-devel lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-devel
|