Mike Fedyk wrote:
> On Tue, Nov 16, 2010 at 11:49 AM, Rob Kampen <rkampen at kampensonline.com> wrote:
>
>> Hi list,
>> I have noted over the last week or so my DNS servers are dumping lots of
>> messages for bogus domain lookups. Examining the postfix queue with
>> postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake at bdgiedjhea.po6e4ina.com
>> My question - why does this stay in the message queue - why not dumped back
>> with message undeliverable or dropped?
>> I understand this is probably related to my config - which follows:
>> <main.cf>
>>
>
> Here's what you want (copied from my config):
>
> maps_rbl_reject_code = 450
> non_fqdn_reject_code = 450
>
450 implies not available try again later - definitely not what I want
for blacklisted senders - I want 550 or something that makes their
server go up in smoke.
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions =
>     reject_unauth_pipelining
>     permit_sasl_authenticated
>     permit_mynetworks
>     reject_invalid_hostname
>     reject_non_fqdn_hostname
>     reject_unknown_helo_hostname
>     permit
>
> smtpd_sender_restrictions =
>     reject_unauth_pipelining
>     reject_non_fqdn_sender
>     reject_non_fqdn_recipient
>     reject_unknown_recipient_domain
>     reject_unknown_sender_domain
>     permit
>
> smtpd_client_restrictions =
>     # sleep 1
>     reject_unauth_pipelining
>     permit_sasl_authenticated
>     permit_mynetworks
>     reject_unknown_client_hostname
>     permit
>
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining
>     reject_non_fqdn_recipient
>     reject_unknown_recipient_domain
>     permit_mynetworks
>     permit_sasl_authenticated
>     reject_unauth_destination
>     #fully automated RBLs
>     reject_rbl_client truncate.gbudb.net
>     reject_rbl_client dnsbl.proxybl.org
>     reject_rbl_client psbl.surriel.com
>     reject_rbl_client db.wpbl.info
>     reject_rbl_client bl.spamcop.net
>     # reject_rbl_client bl.spamcannibal.org #blocked charles
>     reject_rbl_client intercept.datapacket.net
>     reject_rbl_client spamtrap.drbl.drand.net
>     # reject_rbl_client dnsbl.ahbl.org #blocked godaddy
>     reject_rbl_client dnsbl-1.uceprotect.net
>     reject_rbl_client bhnc.njabl.org
>     reject_rbl_client dnsbl.njabl.org
>     #larger RBLs with some non-automation and larger ranges of IPs
>     # reject_rbl_client dnsbl.sorbs.net #(blocked fedora)
>     # reject_rbl_client dnsbl-2.uceprotect.net
>     reject_rbl_client dnsbl-3.uceprotect.net
>     reject_rbl_client zen.spamhaus.org
>     # reject_rbl_client
>     # reject_rbl_client dnsbl-2.uceprotect.net,
>     # check_policy_service unix:private/spfpolicy
>     # check_policy_service inet:127.0.0.1:10023
>     permit
>
> strict_rfc821_envelopes = yes
> smtpd_reject_unlisted_sender = yes
>
Thanks for sharing your config - when I get some spare time I'll check
it out.
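
Added example, not part of the original thread or either poster's code: a Python sketch that parses `postqueue -p` output like the entry quoted in the question and counts deferred messages per failing DNS lookup, flagging whether the resolver reported a temporary error ("try again"). The sample listing (queue IDs, sizes, times, senders and the third entry) is constructed; only the deferral reason and recipient of the first two entries come from the thread.

```python
import re
from collections import Counter

# Constructed sample in `postqueue -p` layout (IDs, sizes, times, senders are made up).
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
4F1A2B3C4D     2301 Tue Nov 16 09:12:44  MAILER-DAEMON
(Host or domain name not found. Name service error for name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
                                         Jake@bdgiedjhea.po6e4ina.com

5A6B7C8D9E     1876 Tue Nov 16 09:40:02  MAILER-DAEMON
(Host or domain name not found. Name service error for name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
                                         Jake@bdgiedjhea.po6e4ina.com

6C7D8E9F0A     5120 Tue Nov 16 10:03:17  user@example.org
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         peer@example.net

-- 9 Kbytes in 3 Requests.
"""

# Entry header: queue ID (optionally flagged * or !), size, arrival time, sender.
HEAD = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d\s+(\S+)$")
DNS = re.compile(r"Name service error for name=(\S+) type=(\w+): (.*)$")

def parse_queue(text):
    """Return one dict per queued message: id, sender, deferral reason, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"id": m.group(1), "sender": m.group(3), "reason": None, "rcpts": []}
            entries.append(cur)
        elif cur is None or not line.strip() or line.startswith("--"):
            continue  # column header, blank separator, or size summary
        elif line.lstrip().startswith("("):
            cur["reason"] = line.strip()[1:-1]  # drop the surrounding parentheses
        else:
            cur["rcpts"].append(line.strip())
    return entries

def dns_deferrals(entries):
    """Count messages per (lookup name, record type, temporary?) for DNS failures."""
    counts = Counter()
    for e in entries:
        m = DNS.search(e["reason"] or "")
        if m:
            # "try again" is the resolver's temporary-failure text: deferred, not bounced.
            counts[(m.group(1), m.group(2), m.group(3).endswith("try again"))] += 1
    return counts

if __name__ == "__main__":
    for (name, rtype, temp), n in dns_deferrals(parse_queue(SAMPLE)).items():
        print(f"{n} message(s) deferred on {rtype} lookup for {name} (temporary={temp})")
```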