check_client_access and RBLs

Posted by Laurent on Server Fault See other posts from Server Fault or by Laurent
Published on 2010-11-12T21:22:57Z Indexed on 2011/01/06 9:56 UTC
Read the original article Hit count: 202

Filed under:

postfix

|

rbl

In an attempt to better fight spam, I've configured Postfix like this:

smtpd_client_restrictions =

    check_client_access hash:/etc/postfix/client_whitelist
    reject_unknown_client

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client l2.apews.org,
    permit

This config has reduced a lot of spam, and with the whitelist I was able to deal with some misconfigured but legitimate servers in order to accept them. However, I'm wondering if this particular whitelisting config will be able to do the job if some other legitimate servers found themselves blacklisted in one of these RBLs. Am I missing something?

© Server Fault or respective owner

Related posts about postfix

postfix: Temporary lookup failure

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have followed the tutorials step by step for installing and configuring postfix https://help.ubuntu.com/community/Postfix https://help.ubuntu.com/community/PostfixBasicSetupHowto I am trying to test the services to whether Temporary lookup failure error telnet localhost 25 250 2.1.0 Ok rcpt to:… >>> More
postfix with mailman

as seen on Server Fault - Search for 'Server Fault'
What should happen is that [email protected] should be delivered to that users inbox on localhost, user@localhost. Thunderbird works fine at reading user@localhost. I'm just using a small portion of postfix-dovecot with Ubuntu mailman. How can I get postfix to recognize the FQDN and deliver… >>> More
saslauthd + PostFix producing password verification and authentication errors

as seen on Server Fault - Search for 'Server Fault'
So I'm trying to setup PostFix while using SASL (Cyrus variety preferred, I was using dovecot earlier but I'm switching from dovecot to courier so I want to use cyrus instead of dovecot) but I seem to be having issues. Here are the errors I'm receiving: ==> mail.log <== Aug 10 05:11:49 crazyinsanoman… >>> More
centos postfix send email problem

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a big problem with postfix. I can receive mail in webmin and outlook but I can't send (only on local I can - user to user). Dovecot is working just fine. Sendmail is disable. Please help me. postfix -n postfix: invalid option -- n postfix: fatal: usage: postfix [-c config_dir] [-Dv]… >>> More
Migrating users and mailboxes from postfix / Maildir to Postfix with Mysql backend

as seen on Server Fault - Search for 'Server Fault'
So I've got 60 or so users on a hand rolled postfix installation on openbsd and I'd like to move their mailboxes to our new mail server running iRedMail (postfix, vmail/mysql back end) Does anyone know of a good way to do this? Preferably a script I can run to keep syncing the users mailboxes as… >>> More

Related posts about rbl

Best Postfix spam RBL policy weight daemon?

as seen on Server Fault - Search for 'Server Fault'
I just heard about policyd-weight so I did an apt-cache search policyd which returns three options: policyd-weight postfix-policyd postfwd Which one is the best, and do you have any tips on setting them up? Our current setup is whitelister plus postgrey to greylist RBLd hosts, then fail2ban them… >>> More
sendmail: how to add X-RBL-Warning

as seen on Server Fault - Search for 'Server Fault'
I am running sendmail on CentOS. I am interested if anyone knows how to add a X-RBL-Warning for incoming messages (without rejecting the mail). I just want to add the X-RBL-Warning header so that our downstream filters can work with it. Thanks, John >>> More
dynamically created controls and postback

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have created dynamic controls (Radiobuttonlists) in an asp.net page (c#). I create them after a button click like this. RadioButtonList rbl = new RadioButtonList(); c2.Controls.Add(rbl); //Set properties of rbl rbl.RepeatLayout = RepeatLayout.Flow; rbl.ID = string.Format("rbl{0}", item… >>> More
Postfix Whitelist before recipient restrictions

as seen on Server Fault - Search for 'Server Fault'
Alright. Some background. We have an anti-spam cluster trucking about 2-3 million emails per day, blocking somewhere in the range of 99% of spam email from our end users. The underlying SMTP server is Postfix 2.2.10. The "Frontline defense" before mail gets carted off to SpamAssassin/ClamAV/ ect… >>> More
does it still have any sense to directly drop mails that trigger RBLs?

as seen on Server Fault - Search for 'Server Fault'
Once upon a time, using RBLs to drop mails was actually a good idea. These days seems it is no more possible for a reason or the other, so every one switched / is_switching to just use RBLs as another test in score based antispam solutions (read: SpamAssassin & friends). This gives good results… >>> More