| 1 |
On a gentoo mailserver, I'm running Postfix 2.6.5 - and, having followed |
| 2 |
some howto or other, quite a long time ago, I have this section at the |
| 3 |
end of my main.cf: |
| 4 |
|
| 5 |
-- |
| 6 |
smtpd_recipient_restrictions = |
| 7 |
permit_mynetworks, |
| 8 |
permit_sasl_authenticated, |
| 9 |
reject_unauth_destination, |
| 10 |
reject_non_fqdn_sender, |
| 11 |
reject_rbl_client sbl-xbl.spamhaus.org, |
| 12 |
reject_rbl_client list.dsbl.org, |
| 13 |
reject_rbl_client bl.spamcop.net, |
| 14 |
reject_unknown_sender_domain, |
| 15 |
reject_rhsbl_sender bogusmx.rfc-ignorant.org |
| 16 |
-- |
| 17 |
|
| 18 |
While it might not be optimal, it worked extremely well for a long |
| 19 |
time. The block lists were a godsend as I receive(d) quite a lot of |
| 20 |
spam which had threatened to bog down spamassassin. For ages, I just |
| 21 |
used my ISP's SMTP server to send, and only received on my own. |
| 22 |
|
| 23 |
I've bought a smart phone (an HTC HD2 on Windows Mobile 6.5) and need to |
| 24 |
use it to access my email on this server - both via mobile and Wi-Fi |
| 25 |
connectivity. The IMAP(s) side works OK for my inbox (after a few |
| 26 |
dovecot tweaks) - and, after a setting up SASL, I can now send email |
| 27 |
from my phone via my own SMTP server, which gateways this to my ISP... |
| 28 |
all secured by a complex password. So far, so good - and I can send |
| 29 |
email from home over Wi-Fi from my phone. The problem arises |
| 30 |
elsewhere... where I'm not connected to my local (W)LAN (i.e. where I'm |
| 31 |
not in "permit_mynetworks") - where the phone reports: |
| 32 |
|
| 33 |
-- |
| 34 |
The server returned the following error message: |
| 35 |
|
| 36 |
554 5.7.1 Service unavailable; Client host 149.254.48.170 blocked using |
| 37 |
sbl-xbl.spamhouse.org; http://www.spamhous.org/query/bl?ip=149.254.48.170 |
| 38 |
-- |
| 39 |
|
| 40 |
The block comes as no surprise as 149.254.48.170 isn't exclusively under |
| 41 |
my control - and, likely, is a vector for lots of spam - now mobile data |
| 42 |
services are cheap and difficult to trace. What I didn't expect is for |
| 43 |
my connection to be rejected even though I had the right username and |
| 44 |
password. |
| 45 |
|
| 46 |
So... the questions: |
| 47 |
|
| 48 |
* How can I alter the configuration to process email from blocked |
| 49 |
locations if and only if the client authenticates? |
| 50 |
* How can I verify that SMTP auth has been done (when connecting from my |
| 51 |
LAN) - it would be a disaster if I inadvertently created an open relay. |
| 52 |
(I don't think I have - but better safe than sorry, etc.) |
| 53 |
|
| 54 |
Thanks in advance for any replies... |
Archives