spam.blacklist.rules Syntax question
Hugo van der Kooij
hvdkooij at vanderkooij.org
Mon Mar 5 18:04:17 CET 2007
On Mon, 5 Mar 2007, Glenn Steen wrote:
> On 05/03/07, Glenn Steen <glenn.steen at gmail.com> wrote:
>> On 05/03/07, am.lists <am.lists at gmail.com> wrote:
>> (snip)
>> > > > Would this be better moved to a postfix block instead of where I'm
>> > > > [attempting] to do it?
>> > > Might be a good idea, saves even more.
>> >
>> > The only downside is I don't get the instrumentation of how effective
>> > my blocking is if I do it there, right?
>> >
>> Quite true. Blocking later in the processing will give you more
>> information to work with... The question you should perhaps ask
>> yourself is "is it worth it";-).
> But (unless my memory fails me completely ... I cannot use things like
> this due to laws/policy... Don't ask) you should still get a fairly
> informative log entry to the effect that it had been dropped... Unless
> you use FW rules to do the blocking:)
I do delay the postfix blocking actions untill I have:
- foreign IP
- helo
- sender
- recipient
That will give enough information in the log like:
Mar 5 17:59:53 faramir postfix/smtpd[24556]: NOQUEUE: reject: RCPT from
g207070.upc-g.chello.nl[80.57.207.70]: 554
<g207070.upc-g.chello.nl[80.57.207.70]>: Client host rejected: Dynamic
(Cable, Dialup or DSL) network access denied; Use a smarthost instead
(http://en.wikipedia.org/wiki/Smart_host); from=<opabxlegtyu at chello.nl>
to=<whois at vanderkooij.org> proto=ESMTP helo=<g207070.upc-g.chello.nl>
For postfix you need in main.conf:
# Delay reject untill we know enough
smtpd_delay_reject = yes
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
More information about the MailScanner
mailing list