View Single Post
  #15  
Old 15th January 2011, 02:05
mintydave mintydave is offline
Junior Member
 
Join Date: Dec 2010
Posts: 23
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Rocky View Post
If an entry is found in the whitelist, it bypasses grey, rbl, spf and mailscanner checks. This was something I thought long and hard about because I wanted to have a common whitelist.
Rocky,

I have a conern that on my spamsnake the whitelist managed in Barawa is not behaving as you state above.

I have the following IP in my whitelist:
Code:
46     Any address     216.241.219.0
Then I get this in my syslog:
Code:
Jan 14 14:36:09 curve postfix/smtpd[17734]: NOQUEUE: reject: RCPT from mailout-01.cobaltgroup.com[216.241.219.148]: 450 4.7.1 <fleetguy@carlburger.com>: Recipient address rejected: SPF-Result=mailout-01-n2.tuk.cobaltgroup.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'mailout-01-n2.tuk.cobaltgroup.com'; from=<214425@crm.cobaltgroup.com> to=<nickd@carlburger.com> proto=ESMTP helo=<mailout-01-n2.tuk.cobaltgroup.com>
Just to cover myself, I researched how the SPF actually works and it appears that there should be an SPF record for "mailout-01-n2.tuk.cobaltgroup.com", but there is not, so that is why the server is failing on the DNS lookup.

However, I would prefer that the whitelist just bypasses all the checks and let's the messages through the snake.

Here is my main.cf:

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = ESMTP SpamSnake
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = curve.dsh.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = dsh.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.10.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 20485760
local_transport = error:No local mail delivery
local_recipient_maps =
relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf
transport_maps = mysql:/etc/postfix/mysql-transports.cf
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_recipient_limit = 100
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
header_checks = regexp:/etc/postfix/header_checks
As always, your input and assistance are greatly appreciated.


Dave.
Deconn Technical Services
Reply With Quote