postfix dnsbl and sasl



leo_80
03.04.10, 16:07
Hello everyone,

is it possible that, when using the DNSBL check reject_rbl_client, users who log in via SASL authentication to send e-mail are also blocked?

I currently have this problem with a colleague who is in Thailand with her notebook at the moment.

Regards, Philipp Nöbauer

bla!zilla
04.04.10, 10:27
Can you please post the output of postconf -n?

TMOS
04.04.10, 13:40
If you set the restrictions wrong, then the RBL simply kicks in.
So, as mentioned, give us postconf -n.

leo_80
04.04.10, 13:54
/etc/postfix/main.cf



soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
default_privs = nobody
myhostname = mail.communich.eu
mydomain = communich.eu
myorigin = communich.eu
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = hash:/etc/postfix/local_recipient
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 80.152.198.180
in_flow_delay = 1s
alias_maps = hash:/etc/aliases
home_mailbox = Maildir/
#header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples

readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = angelcenter-dachau.de, dncom.de, papazaan.eu, sksiamproducts.de
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
disable_dns_lookups = no
disable_mime_output_conversion = no
smtpd_helo_required = no
strict_rfc821_envelopes = no
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
mailbox_size_limit = 0
message_size_limit = 0

smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    reject_unknown_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_rbl_client ten.spamhaus.org

smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    reject_unknown_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_rbl_client ten.spamhaus.org

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    reject_unknown_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_rbl_client ten.spamhaus.org

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:6000,
    check_client_access hash:/etc/postfix/access,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    reject_unknown_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_rbl_client ten.spamhaus.org

header_checks = regexp:/etc/postfix/header
mime_header_checks = regexp:/etc/postfix/header
nested_header_checks = regexp:/etc/postfix/header
body_checks = regexp:/etc/postfix/body

TMOS
05.04.10, 18:24
a) ten.spamhaus.org should probably be zen.spamhaus.org
b) During the helo restrictions no username and no password are known yet, so permit_sasl_authenticated is completely pointless there. If the user is then not listed in the access table (check_client_access hash:/etc/postfix/access), they get thrown out by the RBL afterwards.

So it would make sense to put everything into the recipient_restrictions, since only there is all the information available and you can then cleanly decide whether you want the mail or not.
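
The consolidation suggested in the last post, written out as a main.cf fragment. This is an added example, not configuration posted by anyone in the thread: it reuses the check names, map path and policy-service address from the posted main.cf, while the order of the checks and the emptied per-stage lists are assumptions of this example.

```cfg
# Added example (not from the thread). All access checks live in one list,
# smtpd_recipient_restrictions; the other per-stage lists are left empty so
# that no DNSBL lookup runs outside this single, ordered list.
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =

# Order matters, the first matching permit or reject ends the list:
#  1. permit_mynetworks / permit_sasl_authenticated accept trusted clients
#     before any DNSBL lookup, so an authenticated user on a listed
#     dial-up or hotel address is never checked against the RBL.
#  2. reject_unauth_destination refuses relaying for everyone else before
#     the more expensive checks (policy service, DNS, DNSBL) are reached.
#  3. The syntax and DNS sanity checks run next.
#  4. reject_rbl_client comes last and uses zen.spamhaus.org, the zone
#     name corrected in point a) of the reply above.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/access,
    check_policy_service inet:127.0.0.1:6000,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unauth_pipelining,
    reject_unknown_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    reject_rbl_client zen.spamhaus.org
```

After a change like this, postconf -n shows the values Postfix actually uses, and the mail log shows whether the client's session was authenticated before the RCPT TO stage.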