[Postfixbuch-users] Postfix relay with whitelist and blacklist combination
TN96web at gmx.de
Tue Mar 4 23:23:49 CET 2008
Hi,
here is postconf...
I'd just like to have the recipient check after the blacklist and the whitelist....
Best regards,
andy
alias_maps = hash:/etc/aliases
bounce_size_limit = 1000
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
defer_transports =
disable_dns_lookups = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix/html
in_flow_delay = 10s
inet_interfaces = 127.0.0.1,192.168.1.10
local_transport = smtp:[192.168.1.11]
mailbox_size_limit = 512000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
message_size_limit = 102400000
mydomain = xxxx.de
myhostname = mail.xxxx.de
mynetworks = $internal_mail,127.0.0.0/8,192.168.1.10-250,192.168.1.10
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = xxxx.de
relayhost = esmtp.artfiles.de
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unauth_pipelining, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, check_client_access cidr:/etc/postfix/wl/postfix-dnswl-header, check_client_access cidr:/etc/postfix/wl/postfix-dnswl-permit, check_sender_access hash:/etc/postfix/sender_white, check_client_access hash:/etc/postfix/client_white, check_recipient_access hash:/etc/postfix/recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client bl.csma.biz, reject_rbl_client bl.spamcannibal.org, reject_rbl_client db.wpbl.info, reject_rbl_client dnsbl.njabl.org
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, check_sender_access hash:/etc/postfix/access permit
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
unverified_recipient_reject_code = 550
-------- Original Message --------
> Date: Fri, 29 Feb 2008 07:52:47 +0100
> From: "Uwe Driessen" <driessen at fblan.de>
> To: "'Eine Diskussionsliste rund um das Postfix-Buch von Peer Heinlein.'" <postfixbuch-users at listi.jpberlin.de>
> Subject: Re: [Postfixbuch-users] Postfix relay with whitelist and blacklist combination
> Ralf Hildebrandt wrote:
> > * "Andrea Spörl" <TN96web at gmx.de>:
> > > Hi Ralf,
> > >
> > > that is the whitelist, it's the dnswl.org one; I fetch it via rsync, since I couldn't figure out how to do that via DNS.
> >
> > Hey, good workaround!
> > Respect.
> >
> > The solution is to build this with restriction_classes
>
>
> Using selective greylisting as an example
>
> Main.cf :
> ------------
> smtpd_restriction_classes =
> greylisting
>
> greylisting = check_policy_service inet:127.0.0.1:60000
>
>
> smtpd_recipient_restrictions = ............
> .............
> permit_sasl_authenticated,
> ......
> check_client_access pcre:/etc/postfix/maps/dialups.grey,
>
>
> dialups.grey:
> ------------
> /(\-.+){4}$/ greylisting
> /(\..+){4}$/ greylisting
> # everything with 3 or more dots/hyphens in the hostname
>
> /(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\.[a-z]{2})[0-9.x_-]/ greylisting
>
>
> According to your config, the rejection should already happen before the whitelisting
>
> reject_unverified_recipient
> Reject the request when mail to the RCPT TO address is known to bounce, or when the
> recipient address destination is not reachable. Address verification information is
> managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.
>
> The unverified_recipient_reject_code parameter specifies the response when an address is
> known to bounce (default: 450, change into 550 when you are confident that it is safe to
> do so). Postfix replies with 450 when an address probe failed due to a temporary problem.
> This feature is available in Postfix 2.1 and later.
>
> unverified_recipient_reject_code = 550 set??
> Any wildcards/catch-alls in the address lists?
>
> Instead of recipient verification, keep the address lists local where possible
> and synchronize them against the system behind it.
>
> reject_unlisted_recipient,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unlisted_sender,
> reject_unauth_destination,
>
> reject_unauth_destination
> Reject the request unless one of the following is true:
> Postfix is mail forwarder: the resolved RCPT TO address matches $relay_domains or a
> subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
> Postfix is the final destination: the resolved RCPT TO address matches $mydestination,
> $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains,
> and contains no sender-specified routing (user@elsewhere@domain).
> The relay_domains_reject_code parameter specifies the response code for rejected requests
> (default: 554).
>
> (http://www.postfix.org/postconf.5.html everything is laid out clearly
> and explained well there)
>
>
> check_client_access cidr:/etc/postfix/wl/postfix-dnswl-header,
> check_client_access cidr:/etc/postfix/wl/postfix-dnswl-permit,
>
> instead of OK, the restriction class to branch into must then be listed there
>
>
> Show the output of postconf -n
>
>
> Kind regards
>
> Drießen
>
> --
> Software & Computer
> Uwe Drießen
> Lembergstraße 33
> 67824 Feilbingert
> Tel.: 06708 / 660045 Fax: 06708 / 661397
>
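The branching described in the quoted reply (a whitelist map that returns a restriction class instead of OK), as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of first-match evaluation of a recipient restriction list. The class name wl_rcpt, the table names, the RBL zone rbl.example and all table contents are constructed assumptions.

```python
import ipaddress

def run_action(action, ctx, cfg):
    """Turn a map result or restriction word into OK / REJECT / DUNNO."""
    if action in ("OK", "permit"):
        return "OK"
    if action in ("REJECT", "reject"):
        return "REJECT"
    if action in cfg["classes"]:          # restriction class: evaluate its own list
        return evaluate(cfg["classes"][action], ctx, cfg)
    return "DUNNO"

def evaluate(restrictions, ctx, cfg):
    """The first definite verdict ends the list; DUNNO moves on to the next item."""
    for item in (r.strip() for r in restrictions.split(",")):
        name, _, table = item.partition(" ")
        if name == "check_client_access":
            ip = ipaddress.ip_address(ctx["client"])
            action = next((a for net, a in cfg["maps"][table]
                           if ip in ipaddress.ip_network(net)), "DUNNO")
        elif name == "check_recipient_access":
            action = cfg["maps"][table].get(ctx["rcpt"], "DUNNO")
        elif name == "reject_rbl_client":
            action = "REJECT" if ctx["client"] in cfg["maps"][table] else "DUNNO"
        else:
            action = item                 # permit, reject or a class name
        verdict = run_action(action, ctx, cfg)
        if verdict != "DUNNO":
            return verdict
    return "DUNNO"

# Shortened stand-in for smtpd_recipient_restrictions: whitelist, RBL, recipient map.
RCPT_LIST = ("check_client_access cidr:wl, "
             "reject_rbl_client rbl.example, "
             "check_recipient_access hash:recipient, permit")

def config(whitelist_action):
    # All table contents below are constructed sample data.
    return {
        "classes": {"wl_rcpt": "check_recipient_access hash:recipient, permit"},
        "maps": {
            "cidr:wl": [("192.0.2.0/24", whitelist_action)],
            "rbl.example": {"198.51.100.7"},
            "hash:recipient": {"gone@example.test": "REJECT"},
        },
    }

def verdict(whitelist_action, client, rcpt):
    """Verdict for one RCPT TO, with the whitelist map returning whitelist_action."""
    return evaluate(RCPT_LIST, {"client": client, "rcpt": rcpt}, config(whitelist_action))
```

With OK in the whitelist map, a whitelisted client never reaches the recipient map; with the class name in its place, the recipient check still runs and only the RBL lookups are skipped.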