Postfix RBL

Dieses Thema im Forum "Server Administration" wurde erstellt von skorpion2001, 27. Dez. 2009.

  1. skorpion2001

    skorpion2001 New Member

    Guten Tag,
    Ich habe folgendes Problem: In meiner Postfix-Konfiguration habe ich 3 RBL-Server eingetragen, nur wird anscheinend keiner von denen abgefragt.

    Wie kann ich überprüfen, ob diese abgefragt werden oder nicht?
     
  2. Till

    Till Administrator

    Poste bitte mal die Zeilen aus der main.cf, wo Du sie eingetragen hast.
     
  3. skorpion2001

    skorpion2001 New Member

    Der Einfachheit halber poste ich mal die komplette main.cf:

    # LOCAL PATHNAME INFORMATION
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/local/postfix

    # QUEUE AND PROCESS OWNERSHIP
    mail_owner = postfix

    # INTERNET HOST AND DOMAIN NAMES
    myhostname = gundix.crw-home.lan
    mydomain = crw-home.lan

    # SENDING MAIL
    #myorigin = $myhostname
    myorigin = $mydomain

    # RECEIVING MAIL
    # NOTE(review): smtpd accepts connections on every interface of this host.
    inet_interfaces = all

    mydestination = $myhostname, localhost.$mydomain, localhost

    # REJECTING MAIL FOR UNKNOWN LOCAL USERS
    #local_recipient_maps = unix:passwd.byname $alias_maps
    # NOTE(review): an empty value switches off recipient validation for the
    # domains in $mydestination, so the reject code on the next line is not
    # used for them. Presumably intentional because mailboxes are virtual
    # (see the virtual_* settings below) -- confirm.
    local_recipient_maps =
    unknown_local_recipient_reject_code = 550

    # TRUST AND RELAY CONTROL
    #mynetworks_style = class
    #mynetworks_style = subnet
    #mynetworks_style = host

    # NOTE(review): permit_mynetworks is the first entry of
    # smtpd_recipient_restrictions further down, so every client whose
    # address falls in these ranges is accepted before any reject_rbl_client
    # entry is reached. If Internet mail is handed to this host by a machine
    # inside 192.168.11.0/24 (source-rewriting NAT, an internal relay, a
    # fetch/forward job -- cannot tell from this file), no DNSBL lookup is
    # ever made for it. Compare the address in the smtpd "connect from" log
    # lines with these ranges.
    mynetworks = 127.0.0.0/8, 192.168.11.0/24

    #relay_domains = $mydestination

    # INTERNET OR INTRANET
    #relayhost = $mydomain
    #relayhost = [gateway.my.domain]
    # Written without [] brackets, so Postfix does an MX lookup for this name.
    relayhost = mail.crw.de

    # set default db type to btree
    default_database_type = btree

    # ALIAS DATABASE
    alias_maps = btree:/etc/aliases
    alias_database = btree:/etc/aliases

    # ADDRESS EXTENSIONS (e.g., user+foo)
    recipient_delimiter = +

    mail_spool_directory = /var/spool/postfix/virtual

    # NOTE(review): mail_restrict_map looks like a site-defined variable, not
    # a stock Postfix parameter; it is only referenced as $mail_restrict_map
    # in proxy_read_maps below -- confirm.
    mail_restrict_map = proxy:mysql:/etc/postfix/mysql-virtual_restrictions.cf

    # Tables that the proxymap service may open read-only. Every proxy:...
    # table used elsewhere in this file has to be reachable through one of
    # the parameters listed here, otherwise proxymap refuses the lookup.
    proxy_read_maps =
    $local_recipient_maps,
    $mydestination,
    $virtual_alias_maps,
    $virtual_alias_domains,
    $virtual_mailbox_maps,
    $virtual_mailbox_domains,
    $virtual_mailbox_limit_maps,
    $relay_recipient_maps,
    $relay_domains,
    $canonical_maps,
    $sender_canonical_maps,
    $recipient_canonical_maps,
    $relocated_maps,
    $transport_maps,
    $mynetworks,
    $mail_restrict_map,
    $smtpd_recipient_restrictions

    # FAST ETRN SERVICE
    #fast_flush_domains = $relay_domains

    # SHOW SOFTWARE VERSION OR NOT
    # You MUST specify $myhostname at the start of the text.
    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

    # PARALLEL DELIVERY TO THE SAME DESTINATION
    local_destination_concurrency_limit = 1
    #default_destination_concurrency_limit = 20
    maildrop_destination_recipient_limit = 1

    # DEBUGGING CONTROL
    # debug_peer_level only takes effect for peers matched by debug_peer_list,
    # which is commented out here. Enabling it for one test client is a way
    # to see in the mail log which restrictions smtpd evaluates for it.
    debug_peer_level = 2
    #debug_peer_list = 127.0.0.1
    #debug_peer_list = some.domain

    # INSTALL-TIME CONFIGURATION INFORMATION
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = no
    manpage_directory = /usr/share
    sample_directory = /etc/postfix
    readme_directory = no

    transport_maps =
    proxy:mysql:/etc/postfix/mysql-transport.cf,
    pcre:/etc/postfix/static-transport.pcre
    fax_destination_recipient_limit = 1

    canonical_maps = btree:/etc/postfix/canonical

    virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    # All virtual mailboxes are written with one fixed uid/gid (910).
    virtual_uid_maps = static:910
    virtual_gid_maps = static:910
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/spool/postfix/virtual
    virtual_transport = maildrop
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_limit.cf
    virtual_overquota_bounce = yes
    # virtual_mailbox_limit = 51200000
    virtual_mailbox_limit_override = yes
    virtual_maildir_extended = yes

    # change queue_lifetime for MX backup server
    bounce_queue_lifetime = 5d
    maximal_queue_lifetime = 5d

    # set max message size to 30 MB
    message_size_limit = 30670000

    relocated_maps = btree:/etc/postfix/relocated
    sender_canonical_maps =

    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient

    masquerade_domains = $mydomain
    defer_transports =

    # This parameter governs DNS lookups of the Postfix SMTP/LMTP *client*
    # (outbound delivery). It is not what switches the DNSBL lookups of
    # smtpd on or off.
    disable_dns_lookups = no

    strict_rfc821_envelopes = yes
    # Clients must send HELO/EHLO, which the HELO-based restrictions used
    # further down rely on.
    smtpd_helo_required = yes

    # restriction classes
    # Declares ten named restriction lists. Nothing in this file refers to
    # them by name; presumably an access table (e.g. the
    # mysql-virtual_restrictions.cf lookup) returns "restrictions_N" as its
    # result to select one per recipient -- confirm against that query.
    smtpd_restriction_classes =
    restrictions_0,
    restrictions_1,
    restrictions_2,
    restrictions_3,
    restrictions_4,
    restrictions_5,
    restrictions_6,
    restrictions_7,
    restrictions_8,
    restrictions_9

    restrictions_0 = permit_mynetworks

    # reject codes: mailadress, reject on client access table ,not dns based hostname
    # NOTE(review): the first two are raised to 554 (permanent); the third
    # stays at 450 (temporary).
    unknown_address_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_client_reject_code = 450

    # sender (user@domain.tld)/hostname (host.domain.tld) not fqdn; mailservers without reverse DNS entry
    # NOTE(review): reject_non_fqdn_hostname is the pre-2.3 spelling of
    # reject_non_fqdn_helo_hostname; the rest of the file already uses the
    # newer names (reject_unknown_client_hostname, reject_invalid_helo_hostname).
    restrictions_1 =
    reject_unknown_client_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,

    # use access list
    restrictions_2 =
    check_client_access btree:/etc/postfix/access_client

    restrictions_3 =
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,
    reject_unknown_client_hostname,
    check_client_access btree:/etc/postfix/access_client

    # use dyn-clientlist filter
    restrictions_4 =
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,
    reject_unknown_client_hostname,
    check_client_access pcre:/etc/postfix/access_dyn_clients.pcre,
    check_client_access btree:/etc/postfix/access_client

    # Classes 5-8 are identical placeholders: they only permit clients in
    # $mynetworks and make no decision for anyone else.
    restrictions_5 =
    permit_mynetworks

    restrictions_6 =
    permit_mynetworks

    restrictions_7 =
    permit_mynetworks

    restrictions_8 =
    permit_mynetworks

    # block all external e-mails
    restrictions_9 = REJECT

    # HELO, sender and client stages are left empty; all policy is applied
    # at RCPT TO time in smtpd_recipient_restrictions.
    smtpd_helo_restrictions =

    smtpd_sender_restrictions =

    smtpd_client_restrictions =

    # Entries are evaluated top to bottom and evaluation stops at the first
    # one that returns a final decision (permit/OK or reject). Consequences
    # for the three reject_rbl_client entries near the end of the list:
    #  - clients in $mynetworks and SASL-authenticated clients are permitted
    #    by the first two entries and never reach them;
    #  - an "OK" from any of the check_*_access tables, or a permit coming
    #    from a restriction class selected by the bare proxy:mysql table,
    #    also ends evaluation before them.
    # NOTE(review): the bare "proxy:mysql:...mysql-virtual_restrictions.cf"
    # entry has no check_* keyword in front of it; in this list it should be
    # looked up by recipient address, but writing
    # "check_recipient_access proxy:mysql:..." makes that explicit -- confirm.
    # reject_rbl_client does not connect to the listed host names. smtpd
    # asks the system resolver for <reversed client IP>.<zone>, so pinging
    # the names proves nothing and a router log only shows traffic if the
    # resolver forwards through it and the answer is not cached. To test
    # from this host: "host 2.0.0.127.zen.spamhaus.org" should return a
    # 127.0.0.x answer (127.0.0.2 is the conventional DNSBL test entry).
    # Some list operators answer differently or not at all when queried via
    # large shared resolvers. A hit appears in the mail log as a reject line
    # containing "blocked using <zone>".
    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unlisted_recipient,
    reject_unauth_destination,
    check_client_access proxy:mysql:/etc/postfix/mysql-client_access.cf,
    check_recipient_access proxy:mysql:/etc/postfix/mysql-recipient_access.cf,
    check_sender_access proxy:mysql:/etc/postfix/mysql-sender_access.cf,
    reject_invalid_helo_hostname,
    check_client_access pcre:/etc/postfix/access_clientblocks.pcre,
    proxy:mysql:/etc/postfix/mysql-virtual_restrictions.cf,
    check_sender_mx_access proxy:cidr:/etc/postfix/bogus_mx.cidr,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    check_policy_service inet:127.0.0.2:10031,
    permit

    # Evaluated at the DATA command: authenticated clients pass, everyone
    # else is looked up by client address in spam_check.cidr.
    smtpd_data_restrictions =
    permit_sasl_authenticated,
    check_client_access cidr:/etc/postfix/spam_check.cidr

    # "accept" means mail is let through when a milter is unavailable or
    # fails. No milter is configured on the next parameter, so this has no
    # effect at present.
    milter_default_action = accept

    smtpd_milters =

    mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre
    header_checks = pcre:/etc/postfix/header_checks.pcre
    # All mail received by smtpd is handed to the "scan" transport at
    # 127.0.0.2:10025 after it has been accepted.
    # NOTE(review): filtered mail normally comes back through a separate
    # smtpd listener defined in master.cf, which is not shown; it would
    # arrive from a loopback address inside $mynetworks -- confirm that
    # listener is reachable from the filter only.
    content_filter = scan:[127.0.0.2]:10025
    receive_override_options = no_address_mappings

    minimal_backoff_time = 300s


    # Outbound (SMTP client) settings.
    # NOTE(review): TLS is off for outbound delivery while SASL
    # authentication towards the relayhost is on, and the empty
    # smtp_sasl_security_options removes the default
    # "noplaintext, noanonymous". Plaintext mechanisms (PLAIN/LOGIN) are
    # therefore allowed over an unencrypted connection, which exposes the
    # credentials from smtp_auth to anyone on the path to the relayhost.
    # Consider smtp_tls_security_level = encrypt (the successor of
    # smtp_use_tls) if the relay offers STARTTLS, and restrict
    # /etc/postfix/smtp_auth to root read-only.
    smtp_use_tls = no
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = btree:/etc/postfix/smtp_auth
    smtp_sasl_security_options =
    smtp_sender_dependent_authentication = yes

    #---------- SASL ----------------------------------------------------
    # Inbound (smtpd) authentication. "noanonymous" still allows plaintext
    # mechanisms.
    # NOTE(review): no smtpd_tls_* parameter and no smtpd_tls_auth_only
    # appears in this listing, so AUTH would be offered on unencrypted
    # sessions unless TLS is configured elsewhere (e.g. master.cf) -- confirm.
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes

    #---------- TLS -----------------------------------------------------
    # Only the entropy source for the TLS PRNG is set here; certificates,
    # keys and security levels are not part of this listing.
    tls_daemon_random_source = dev:/dev/urandom
    tls_random_source = dev:/dev/urandom
    tls_random_prng_update_period = 3600s
     
  4. Till

    Till Administrator

    Die smtpd_recipient_restrictions sehen soweit ok aus. Kannst Du denn die RBL Server anpingen? Möglicherweise hast Du ein Problem mit der DNS Auflösung.
     
  5. skorpion2001

    skorpion2001 New Member

    An der Namensauflösung liegt es nicht, die Server sind anpingbar. Es scheint mir, als ob der Postfix erst gar nicht versucht, die Server zu erreichen. Weder einen Versuch der Namensauflösung noch des Verbindungsaufbaues kann ich im Routerlog finden.
     
