Mailinglist Archive: opensuse (2831 mails)

< Previous Next >
[SLE] Postfix UCE, rbl, cidr and ehlo
  • From: "David Rankin" <drankin@xxxxxxxxxxxxxxxx>
  • Date: Wed, 12 Jul 2006 21:54:59 -0500
  • Message-id: <016101c6a627$baaeefc0$6106a8c0@xxxxxxxxxxxxxxx>
Sandy, Carlos, Patrick

While we are on the SA and UCE issues, I thought I would run my new
setup by the list and ask "Does anybody see any blatant screw ups in my
setup from and order standpoint or from a conflicting restriction
standpoint?" Does is matter if smtpd_recipient_restrictions comes before
smtpd_client_restrictions or the smtpd_helo_restrictions? It seems to be
working as I watch and check the logs. What say the gurus?

main.cf
#tightening postfix
unknown_local_recipient_reject_code = 550
unknown_client_reject_code = 550
smtpd_hard_error_limit = 5
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_check.pcre
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org,
reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname

nemesis:/etc/postfix # cat recipient_check.pcre
/^support@/ REJECT
/^info@/ REJECT
/^assistance@/ REJECT
/^root@/ REJECT
/^sales@/ REJECT
/^admin@/ REJECT
/^administrator@/ REJECT
/^mail@/ REJECT
/^accounting@/ REJECT
/^majordomo@/ REJECT

nemesis:/etc/postfix # cat client_check.cidr
58.0.0.0/8 REJECT You are unwelcome here...
60.0.0.0/8 REJECT You are unwelcome here...
61.0.0.0/8 REJECT You are unwelcome here...
81.0.0.0/8 REJECT You are unwelcome here...
82.0.0.0/8 REJECT You are unwelcome here...
83.0.0.0/8 REJECT You are unwelcome here...
84.0.0.0/8 REJECT You are unwelcome here...
85.0.0.0/8 REJECT You are unwelcome here...
86.0.0.0/8 REJECT You are unwelcome here...
87.0.0.0/8 REJECT You are unwelcome here...
121.0.0.0/8 REJECT You are unwelcome here...
122.0.0.0/8 REJECT You are unwelcome here...
124.0.0.0/8 REJECT You are unwelcome here...
126.0.0.0/8 REJECT You are unwelcome here...
169.208.0.0/16 REJECT You are unwelcome here...
190.0.0.0/8 REJECT You are unwelcome here...
193.0.0.0/8 REJECT You are unwelcome here...
195.0.0.0/8 REJECT You are unwelcome here...
196.192.0.0/16 REJECT You are unwelcome here...
200.0.0.0/8 REJECT You are unwelcome here...
201.0.0.0/8 REJECT You are unwelcome here...
202.0.0.0/8 REJECT You are unwelcome here...
203.0.0.0/8 REJECT You are unwelcome here...
210.0.0.0/8 REJECT You are unwelcome here...
211.0.0.0/8 REJECT You are unwelcome here...
217.0.0.0/8 REJECT You are unwelcome here...
218.0.0.0/8 REJECT You are unwelcome here...
219.0.0.0/8 REJECT You are unwelcome here...
220.0.0.0/8 REJECT You are unwelcome here...
222.0.0.0/8 REJECT You are unwelcome here...

Any thoughts? (Again, this is a test machine and not a production machine. I
know I have several continents worth of IP ranges excluded)

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
www.rankinlawfirm.com



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.10/387 - Release Date: 7/12/06


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx


< Previous Next >