Подскажите пожалуйста как сделать исключения для reject_rbl_client.
При отсылке почты по SMTP с офиса получаю:
Server: 'mail.etorg.com', Protocol: SMTP, Server Response: '554 5.7.1 Service unavailable; Client host [91.90.15.36] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=91.90.15.36'
Если закоментировать rblы слишком много спама начинает идти - не выход.
Причём айпи этот почти во всех листах. В тех где нет спам почти не режут.
Подскажите пожалуйста можно ли добваить 91.90.15.36 в исключения и как именно.smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
permit_mynetworks,
# check_sender_access hash:/usr/local/etc/postfix/access,
# reject_spf_invalid_sender,
# reject_non_fqdn_hostname,
reject_invalid_hostname,
# reject_unauth_destination,
check_recipient_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf,
check_sender_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf,
check_policy_service unix:private/spfpolicy,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
# reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client bhnc.njabl.org,
reject_rbl_client cbl.abuseat.org,
# reject_rbl_client list.dsbl.org,
# check_policy_service inet:127.0.0.1:10023,
permit_auth_destination,
permit_sasl_authenticated,
rejectsmtpd_sender_restrictions =
check_sender_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf
permit_mynetworks,
# reject_unknown_client,
reject_unknown_address,
reject_unknown_sender_domain
permit
# rejectsmtpd_client_restrictions =
check_client_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf
permit_mynetworks,
check_recipient_access hash:$config_directory/skipcheck,
# reject_unknown_client,
permit
# rejectsmtpd_data_restrictions =
reject_unauth_pipelining,
permit#ANTI SPAM
smtpd_delay_reject = yes
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_helo_restrictions =
permit_mynetworks,
# check_recipient_access hash:$config_directory/skipcheck,
# check_helo_access hash:/usr/local/etc/postfix/helo_access,
warn_if_reject,
# reject_non_fqdn_hostname,
# reject_unknown_hostname,
# reject_invalid_hostname,
reject_unknown_client,
permit
Передreject_rbl_client zen.spamhaus.org
поставить
check_client_access hash:$config_directory/white_list
$config_directory/white_list
91.90.15.36 OK
Добавил
check_client_access hash:/usr/local/etc/postfix/white_listШлю, на что получаю:
Jan 18 19:12:53 eTorg postfix/smtpd[55300]: fatal: open database /usr/local/etc/postfix/white_list.db: No such file or directory
Jan 18 19:12:54 eTorg postfix/master[1308]: warning: process /usr/local/libexec/postfix/smtpd pid 55300 exit status 1
Jan 18 19:12:54 eTorg postfix/master[1308]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttlingПереименовываю в white_list.db
получаю:
Jan 18 19:17:40 eTorg postfix/smtpd[55612]: fatal: open database /usr/local/etc/postfix/white_list.db: Inappropriate file type or format
Jan 18 19:17:41 eTorg postfix/master[1308]: warning: process /usr/local/libexec/postfix/smtpd pid 55612 exit status 1
Jan 18 19:17:41 eTorg postfix/master[1308]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Странно, ведь я использую hash:/ а не mysql:/
postmap сделай
ALex_hha, спасибо!
Вроде сделал через mysql.Но теперь другая проблема - шлёт письма без авторизации с этого IP.
Хотелось бы с авторизацией. Подскажите пожалуйста.
Postfix последней версии
Никто не подскажет?
Всё ещё актуально ...
Вот полный конф:
Его писал не я
Ящики находятся в базе mysql, доступ через файл
/usr/local/etc/postfix/sql/mysql_local_mailboxes_maps.cf
или
/usr/local/etc/postfix/sql/mysql_virtual_mailboxes_maps.cfПо логину и паролю для доступу к ящиками проходит и авторизация SMTP.
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = mail.etorg.com
mydomain = etorg.com
myorigin = $mydomain
inet_interfaces = $myhostname, localhostlocal_transport = virtual
local_recipient_maps = $virtual_alias_maps $alias_maps $virtual_mailbox_maps unix:passwd.byname
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
mynetworks = $config_directory/mynetworks
relay_domains = $mydestination, $transport_maps
smtpd_policy_service_timeout = 300s
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
permit_mynetworks,
# reject_spf_invalid_sender,
# reject_non_fqdn_hostname,
reject_invalid_hostname,
# reject_unauth_destination,
check_recipient_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf,
check_sender_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf,
check_policy_service unix:private/spfpolicy,
check_client_access mysql:/usr/local/etc/postfix/sql/mysql_whitelist.cf,
# check_client_access hash:/usr/local/etc/postfix/white_list,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client bhnc.njabl.org,
reject_rbl_client cbl.abuseat.org,
# reject_rbl_client list.dsbl.org,
# check_policy_service inet:127.0.0.1:10023,
permit_auth_destination,
permit_sasl_authenticated,
rejectsmtpd_sender_restrictions =
check_sender_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf
permit_mynetworks,
# reject_unknown_client,
reject_unknown_address,
reject_unknown_sender_domain
permit
# rejectsmtpd_client_restrictions =
check_client_access mysql:/usr/local/etc/postfix/sql/mysql_access_maps.cf
permit_mynetworks,
check_recipient_access hash:$config_directory/skipcheck,
# reject_unknown_client,
permit
# rejectsmtpd_data_restrictions =
reject_unauth_pipelining,
permit#ANTI SPAM
smtpd_delay_reject = yes
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_helo_restrictions =
permit_mynetworks,
# check_recipient_access hash:$config_directory/skipcheck,
# check_helo_access hash:/usr/local/etc/postfix/helo_access,
warn_if_reject,
# reject_non_fqdn_hostname,
# reject_unknown_hostname,
# reject_invalid_hostname,
reject_unknown_client,
permitstrict_rfc821_envelopes = yes
smtpd_recipient_limit = 5
default_destination_recipient_limit = 5
smtpd_soft_error_limit = 2
smtpd_error_sleep_time = 5
smtpd_hard_error_limit = 5
#smtpd_client_connection_rate_limit = 1
#ANTI SPAMsmtpd_etrn_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
permit# INTERNET OR INTRANET
in_flow_delay = 1s
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/usr/local/etc/postfix/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliasesallow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forwardtransport_maps = mysql:/usr/local/etc/postfix/sql/mysql_transport.cf
##relocated_maps = mysql:/usr/local/etc/postfix/sql/mysql-relocated.cf
virtual_mailbox_base = /var/mail
#virtual_mailbox_domains = mysql:/usr/local/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_mailboxes_maps.cf
virtual_mailbox_limit = 102400000
message_size_limit = 25085760
mailbox_size_limit = 50485760
virtual_mailbox_limit = 50485760
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota, try again later."
virtual_overquota_bounce = yes##alias_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_alias_maps.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_alias_maps.cf
##virtual_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_alias_maps.cf
##virtual_uid_maps = mysql:/usr/local/etc/postfix/sql/mysql_uid_maps.cf
##virtual_gid_maps = mysql:/usr/local/etc/postfix/sql/mysql_gid_maps.cf
virtual_uid_maps = static:125
virtual_gid_maps = static:6
virtual_minimum_uid = 125#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/usr/local/etc/postfix/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases# DELIVERY TO MAILBOX
#home_mailbox = Maildir/
fallback_transport = virtual
header_checks = regexp:/usr/local/etc/postfix/header_checks
#mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
#body_checks = regexp:/usr/local/etc/postfix/body_checkssmtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 50
transport_destination_concurrency_limit = 50debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
hash_queue_depth = 1
hash_queue_names = incoming,active,deferred,bounce,defer,flush,holdsmtp_connection_cache_destinations = $relayhost
smtp_connection_cache_on_demand = yes
smtp_connection_cache_reuse_limit = 10
smtp_connection_cache_time_limit = 2ssmtp_defer_if_no_mx_address_found = yes
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes#spf_explanation = "[SPF] %{h} [%{i}] is not allowed to send mail for %{s}: please see http://spf.pobox.com/why.html?sender=%{s}&ip=...
#spf_global_whitelist = yes
##spf_local_policy =
#spf_mark_only = no
#spf_received_header = yes
#spf_reject_code = 550
data_directory = /var/db/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpdqueue_run_delay = 3m
minimal_backoff_time = 3m
maximal_backoff_time = 3h
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 2d
http://www.postfix.org/RESTRICTION_CLASS_README.html