Mailinglist Archive: opensuse (2831 mails)

< Previous Next >
Re: [SLE] Postfix UCE, rbl, cidr and ehlo
From: "Per Jessen" <per@xxxxxxxxxxxx>
Ken Schneider wrote:

Yes, mail you send to the list goes through the list server and is
therefore seen as coming from the list server IP address even though
the return address is yours. If you mail him off list (directly) then
that is a different story.

Thanks Ken - all I wanted to point out was that Davids restrictions are
a little too restrictive IMO.


Thanks to all that weighed in. Yes, I know the restrictions are way-way-way too restrictive. I have a separate domain with a fixed IP and stand-by mail server attached to it that I am experimenting with to find out how best to control UCE. The only mail that goes to that domain is spam so if I did rcpostfix stop, it wouldn't make any difference. But I wanted to figure out a good approach to controlling UCE before implementing what works on the production machine. It has been quite fun, really, to learn what can be done with Postfix to address the UCE problem. But my time to devote to it is limited so my progress is slow.

The smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_check parameter is a very good tool for blocking the ranges of IPs that produce most of the spam and the restriction can be controlled to allow acces from within the excluded block.

Take Per's example:

217.0.0.0/8 REJECT You are unwelcome here...

"You won't be getting much email from me then - we're on 217.8.216.8/29."

In /etc/postfix/client_check, that can be addressed by:

[root@bonza postfix]# cat client_check
217.8.216.0/24 OK
217.0.0.0/8 REJECT You are unwelcome here...

So Per's part of the IP range would get through, but the rest would not. I'm still working on this. I'll conduct a test without the hash:/etc/postfix/client_check just using the reject_rbl_client relays.ordb.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_unknown_client and see how it works. Theoretically, the rbl lists should catch much of what I have rejected with the hash of client_check anyway.

Thanks for your thoughts and advise. I'll keep you posted....


--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx


< Previous Next >