Subject:Re: For each check_ns or each check_mx, the value is not cached?
Group:Postfix-users
From:mouss
Date:6 May 2008


 
Justin Piszcz wrote:
>
>
> On Tue, 6 May 2008, mouss wrote:
>
>> Justin Piszcz wrote:
>>>
>>>
>>> On Tue, 6 May 2008, Justin Piszcz wrote:
>>>
>>>> I have multiple check_ns and check_mx for different rule sets but
>>>> it also looks like it tries to lookup the NS or MX per each rule set.
>>>>
>>>> It appears I should try and combine all my files into one and use a
>>>> single check, or is there another way to do it so this does not occur?
>>>>
>>>> May 6 07:16:04 l1 postfix/smtpd[8626]: connect from
>>>> unknown[122.162.120.129]
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> NS host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> MX host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> MX host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> NS host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> MX host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>> May 6 07:16:05 l1 postfix/smtpd[8626]: warning: Unable to look up
>>>> NS host for ABTS-NCR-Dynamic-129.120.162.122.airtelbroadband.in:
>>>> Host not found
>>>>
>>>> Example:
>>>> check_client_access
>>>> cidr:/etc/postfix/sbl_drop_peer_list.cidr,
>>>> check_helo_mx_access
>>>> cidr:/etc/postfix/sbl_drop_peer_list.cidr,
>>>> check_helo_ns_access
>>>> cidr:/etc/postfix/sbl_drop_peer_list.cidr,
>>>> check_sender_mx_access
>>>> cidr:/etc/postfix/sbl_drop_peer_list.cidr,
>>>> check_sender_ns_access
>>>> cidr:/etc/postfix/sbl_drop_peer_list.cidr
>>
>> what are
>> check_helo_mx_access
>> check_helo_ns_access
>> check_sender_ns_access
>> ?
>>
>> I don't see what you're trying to achieve anyway.
>>
>
> For some reason, one of the domains I help manage has been targeted by
> spammers that are listed in the sbl_drop list. So, I use every method
> available that associates itself with those IP addresses in any way to
> block and reject the e-mail that comes from them.

The SBL DROP list is for your firewall. It's not for helo, NS or MX.

If you know of domains that set their NS or MX to a client in the DROP
list, please share it so that the domains are blocklisted.

If you get too much spam "for your taste", show logs or headers and we
will suggest how to better block it. There are various checks that you
can use, but as usual, there is a tradeoff (when you increase your spam
hit rate, you also increase "some measure" of false positives).

Here,
- reject_non_fqdn_helo_hostname rejects between 15% and 40% of spam (in
terms of transactions, not in terms of clients).
- "literal IP helo" rejects between 13% and 42% (again, in terms of
transactions).

These checks may however be too aggressive for your site.
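
As an added example (not part of the original message and not Postfix code): one way to act on the advice that the DROP list belongs in the firewall is to convert the existing Postfix CIDR table into a packet-filter set. The use of nftables, the table name `sbl_drop`, the set name `drop4` and the sample addresses are assumptions made here.

```python
import ipaddress

# Constructed sample in Postfix cidr_table format; documentation ranges only.
SAMPLE_CIDR_TABLE = """\
# sbl_drop_peer_list.cidr (constructed sample)
192.0.2.0/24      REJECT listed in DROP
192.0.2.128/25    REJECT listed in DROP
198.51.100.0/25   REJECT listed in DROP
198.51.100.128/25 REJECT listed in DROP
203.0.113.7       REJECT single host
not-a-network     REJECT malformed line
"""

def parse_cidr_table(text):
    """Return (merged IPv4 networks, skipped patterns) from cidr_table text."""
    networks, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern = line.split()[0]  # first field is the network, rest is the action
        try:
            net = ipaddress.IPv4Network(pattern, strict=False)
        except ValueError:
            skipped.append(pattern)  # malformed or non-IPv4 entry
            continue
        networks.append(net)
    # Merge nested and adjacent prefixes so the interval set has no overlaps.
    return list(ipaddress.collapse_addresses(networks)), skipped

def render_nft(networks, table="sbl_drop", set_name="drop4"):
    """Render an nftables ruleset; table and set names are hypothetical."""
    if not networks:
        raise ValueError("no networks to block")
    elements = ", ".join(str(n) for n in networks)
    return (
        f"table inet {table} {{\n"
        f"    set {set_name} {{\n"
        f"        type ipv4_addr\n"
        f"        flags interval\n"
        f"        elements = {{ {elements} }}\n"
        f"    }}\n"
        f"    chain input {{\n"
        f"        type filter hook input priority 0; policy accept;\n"
        f"        ip saddr @{set_name} drop\n"
        f"    }}\n"
        f"}}\n"
    )

if __name__ == "__main__":
    print(render_nft(parse_cidr_table(SAMPLE_CIDR_TABLE)[0]))
```

With the addresses dropped at the packet filter, listed peers never reach smtpd, so the per-rule NS and MX lookups seen in the quoted log are not triggered for them.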





