From: Bill Weiss on
Alex(mysqlstudent(a)gmail.com)@Mon, Apr 19, 2010 at 01:11:01AM -0400:
> Hi,
>
> >> http://www.mail-archive.com/postfix-users(a)postfix.org/msg12683.html
> >>
> >> It was only from a few users, but wonder what their experience is
> >> almost a year later.
> >
> > Yes, reject_unknown_client_hostname is still too strict for us. And we're
> > very strict!
>
> Good to know. I also don't think I can easily make such a change in my
> environment.
>
> > The "warn_if_reject" feature predates "reject_unauth_pipelining", which you
> > seem to be using successfully. I strongly suspect there was some other
> > error -- probably a simple typo in your config -- that kept warn_if_reject
> > from working for you.
>
> I'm trying to do:
>
> warn_if_reject = reject_rbl_client backscatter.spameatingmonkey.net
>
> But it appears that's only available in later versions, so I've tried
> this, and it also doesn't work:
>
> warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net

You probably want:
warn_if_reject reject_maps_rbl backscatter.spameatingmonkey.net
without the "=".

--
Bill Weiss

We will not prove this by intimidation and excessive fist waving.
[while screaming these lines and frantically waving arms]
-- Dr. Max Mintx, Math. Foundations of CS
University of Pennsylvania

From: mouss on
Alex wrote:
> Hi,
>
>>> Is it common practice to have that restriction in a production environment?
>>>
>>> It appears to be the third case here, that the name->address mapping
>>> does not match the client IP address. Could this be from a legitimate
>>> cause, or typically intentionally to be evasive?
>>>
>> since they put their domain name in their HELO (zaphod.chipchaps.com),
>> they're not trying to evade anything.
>
> Yes, I guess they would have been rejected as a result of my helo checks.
>
>> you could try
>>
>> check_client_access hash:/etc/postfix/access_unknown
>>
>>
>> smtpd_restriction_classes =
>> ...
>> policy_strong
>>
>> policy_strong =
>> reject_rbl_client bb.barracudacentral.org
>
> Is it possible to use maps_rbl_domains instead of reject_rbl_client
> here?

with maps_rbl_domains, you can't specify which list to check in
different places. since you're already using it in the "general" case,
if you add barracuda list, it will apply unconditionally, which is
different from my suggestion to call it when the client is unknown.

but if you think barracuda list is safe for you (it's not for me. the
corresponding score in spamassassin confirms this for me), you can use it.

> It appears this machine has a version of postfix that doesn't
> understand reject_rbl_client.
>
> Thanks again!
> Best regards,
> Alex

From: mouss on
Alex wrote:
> Hi,
>
>>> http://www.mail-archive.com/postfix-users(a)postfix.org/msg12683.html
>>>
>>> It was only from a few users, but wonder what their experience is
>>> almost a year later.
>> Yes, reject_unknown_client_hostname is still too strict for us. And we're
>> very strict!
>
> Good to know. I also don't think I can easily make such a change in my
> environment.
>
>> The "warn_if_reject" feature predates "reject_unauth_pipelining", which you
>> seem to be using successfully. I strongly suspect there was some other
>> error -- probably a simple typo in your config -- that kept warn_if_reject
>> from working for you.
>
> I'm trying to do:
>
> warn_if_reject = reject_rbl_client backscatter.spameatingmonkey.net
>

wrong syntax. it's
warn_if_reject reject_rbl_client $yourlist
There's no 'equal' sign.

> But it appears that's only available in later versions, so I've tried
> this, and it also doesn't work:
>
> warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net
>

doubly wrong syntax. besides the '=' sign, reject_rbl_maps doesn't take
an argument.

>> 20020905
>>
>> Feature: "smtpd_data_restrictions = reject_unauth_pipelining"
>
> It looks like I have a big project ahead of me to upgrade. What kind
> of process is involved with going from such an old version to the
> current, independent of all the other software?
>
> Thanks,
> Alex

From: Alex on
Hi,

>> I'm trying to do:
>>
>>     warn_if_reject =  reject_rbl_client backscatter.spameatingmonkey.net
>>
>
> wrong syntax. it's
>        warn_if_reject reject_rbl_client $yourlist
> There's no 'equal' sign.

$ postfix check
postfix: fatal: /etc/postfix/main.cf, line 700: missing '=' after
attribute name: "warn_if_reject reject_maps_rbl
backscatter.spameatingmonkey.net"
Apr 19 02:35:33 smtp01 postfix[13351]: fatal: /etc/postfix/main.cf,
line 700: missing '=' after attribute name: "warn_if_reject
reject_maps_rbl backscatter.spameatingmonkey.net"

>> But it appears that's only available in later versions, so I've tried
>> this, and it also doesn't work:
>>
>>     warn_if_reject = reject_maps_rbl backscatter.spameatingmonkey.net
>
> doubly wrong syntax. besides the '=' sign, reject_rbl_maps doesn't take
> an argument.

Looks like I'm SOL for now? :-)

Thanks again,
Alex
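
The "missing '=' after attribute name" error above comes from putting warn_if_reject on a main.cf line of its own; it is a modifier that goes in front of one restriction inside a restriction list. The fragment below is an added example, not configuration posted by anyone in this thread, and the choice of smtpd_client_restrictions and permit_mynetworks as the surrounding list is an assumption.

```conf
# /etc/postfix/main.cf (added example; the surrounding list entries are assumptions)

# Rejected by "postfix check": every top-level main.cf line must have the form
# "name = value", and warn_if_reject is not a parameter name.
#warn_if_reject reject_maps_rbl backscatter.spameatingmonkey.net

# Releases that understand reject_rbl_client: warn_if_reject prefixes a single
# restriction inside the list. A match is logged as "reject_warning" and the
# mail is still accepted, so the list can be evaluated before it is enforced.
smtpd_client_restrictions =
    permit_mynetworks,
    warn_if_reject reject_rbl_client backscatter.spameatingmonkey.net

# Older releases without reject_rbl_client: reject_maps_rbl takes no argument
# and consults every zone named in maps_rbl_domains, so the modifier applies to
# all of those zones at once rather than to one chosen list.
#maps_rbl_domains = backscatter.spameatingmonkey.net
#smtpd_client_restrictions =
#    permit_mynetworks,
#    warn_if_reject reject_maps_rbl
```

After "postfix check" passes and Postfix is reloaded, searching the mail log for "reject_warning" shows what the list would have rejected.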

From: Stan Hoeppner on
Noel Jones put forth on 4/18/2010 10:55 PM:

> Yes, reject_unknown_client_hostname is still too strict for us. And
> we're very strict!

I ran with this for a short while. Had problems with it rejecting Hotmail
connections. And these weren't Hotmail user mails being delivered, but
responses to my spam reports coming from the Hotmail abuse dept. Had too
many other legit mails refused as well. It didn't stop any more spam here
than reject_unknown_reverse_client_hostname so I reverted back to the latter.

--
Stan