From: Chris St Denis on
I've set up a dns whitelist from dnswl.org as per the instructions
here: http://www.dnswl.org/tech#postfix

However I've discovered it doesn't work, because I rejected an email
coming from a gmail server that got itself blacklisted by sorbs, but it
is on the whitelist.

Why is this not working?


Log of email transaction

Aug 3 14:01:25 server postfix/smtpd[24064]: connect from mail-wy0-f180.google.com[74.125.82.180]
Aug 3 14:01:26 server postfix/smtpd[24064]: NOQUEUE: reject: RCPT from mail-wy0-f180.google.com[74.125.82.180]: 554 5.7.1 Service unavailable; Client host [74.125.82.180] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?74.125.82.180; from=<removed(a)gmail.com> to=<removed(a)removed.com> proto=ESMTP helo=<mail-wy0-f180.google.com>
Aug 3 14:01:26 server postfix/smtpd[24064]: disconnect from mail-wy0-f180.google.com[74.125.82.180]

my restrictions

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    *check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,*
    reject_rbl_client zen.spamhaus.org,
    *reject_rbl_client dnsbl.sorbs.net,*
    check_policy_service inet:127.0.0.1:10031

server# grep -C 5 '74.125.82.180' /usr/local/etc/postfix/postfix-permit

74.125.83.44/32 permit_auth_destination none google.com DNSWLId 1429
74.125.83.43/32 permit_auth_destination none google.com DNSWLId 1429
74.125.83.42/32 permit_auth_destination none google.com DNSWLId 1429
74.125.83.41/32 permit_auth_destination none google.com DNSWLId 1429
74.125.82.187/32 permit_auth_destination none google.com DNSWLId 1429
*74.125.82.180/32 permit_auth_destination none google.com DNSWLId 1429*
74.125.82.174/32 permit_auth_destination none google.com DNSWLId 1429
74.125.82.173/32 permit_auth_destination none google.com DNSWLId 1429
74.125.82.172/32 permit_auth_destination none google.com DNSWLId 1429
74.125.82.69/32 permit_auth_destination none google.com DNSWLId 1429
74.125.82.65/32 permit_auth_destination none google.com DNSWLId 1429


The destination domain is in my virtual_mailbox_domains, and destination
email address in my virtual_mailbox_maps
From: Noel Jones on
On 8/3/2010 4:42 PM, Chris St Denis wrote:
> I've set up a dns whitelist from dnswl.org as per the
> instructions here: http://www.dnswl.org/tech#postfix
>
> However I've discovered it doesn't work, because I rejected an
> email coming from a gmail server that got itself blacklisted
> by sorbs, but it is on the whitelist.
>
> Why is this not working?
>
>
> Log of email transaction
>
> Aug 3 14:01:25 server postfix/smtpd[24064]: connect from
> mail-wy0-f180.google.com[74.125.82.180]
> Aug 3 14:01:26 server postfix/smtpd[24064]: NOQUEUE:
> reject: RCPT from mail-wy0-f180.google.com[74.125.82.180]:
> 554 5.7.1 Service unavailable; Client host [74.125.82.180]
> blocked using dnsbl.sorbs.net; Currently Sending Spam See:
> http://www.sorbs.net/lookup.shtml?74.125.82.180;
> from=<removed(a)gmail.com> to=<removed(a)removed.com>
> proto=ESMTP helo=<mail-wy0-f180.google.com>
> Aug 3 14:01:26 server postfix/smtpd[24064]: disconnect
> from mail-wy0-f180.google.com[74.125.82.180]
>
> my restrictions
>
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_invalid_hostname,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname,
> *check_client_access
> cidr:/usr/local/etc/postfix/postfix-dnswl-permit,*
> reject_rbl_client zen.spamhaus.org,
> *reject_rbl_client dnsbl.sorbs.net,*
> check_policy_service inet:127.0.0.1:10031
>
> server# grep -C 5 '74.125.82.180'
> /usr/local/etc/postfix/postfix-permit
>
> 74.125.83.44/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.83.43/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.83.42/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.83.41/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.82.187/32 permit_auth_destination none google.com
> DNSWLId 1429
> *74.125.82.180/32 permit_auth_destination none google.com
> DNSWLId 1429*
> 74.125.82.174/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.82.173/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.82.172/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.82.69/32 permit_auth_destination none google.com
> DNSWLId 1429
> 74.125.82.65/32 permit_auth_destination none google.com
> DNSWLId 1429
>
>
> The destination domain is in my virtual_mailbox_domains, and
> destination email address in my virtual_mailbox_maps

Do you have reject_rbl_client dnsbl.sorbs.net somewhere else
in your config? Show us your postconf -n output.

Did you run "postfix reload" after editing main.cf?

-- Noel Jones

From: Ralf Hildebrandt on
* Chris St Denis <chris(a)smartt.com>:
> I've set up a dns whitelist from dnswl.org as per the instructions
> here: http://www.dnswl.org/tech#postfix
>
> However I've discovered it doesn't work, because I rejected an email
> coming from a gmail server that got itself blacklisted by sorbs, but
> it is on the whitelist.
>
> Why is this not working?

Wrong filename

> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_invalid_hostname,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname,
> *check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,*

cidr:/usr/local/etc/postfix/postfix-dnswl-permit

> server# grep -C 5 '74.125.82.180' /usr/local/etc/postfix/postfix-permit

/usr/local/etc/postfix/postfix-permit

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Chris St Denis on
On 8/4/2010 12:13 AM, Ralf Hildebrandt wrote:
> * Chris St Denis <chris(a)smartt.com>:
>> I've set up a dns whitelist from dnswl.org as per the instructions
>> here: http://www.dnswl.org/tech#postfix
>>
>> However I've discovered it doesn't work, because I rejected an email
>> coming from a gmail server that got itself blacklisted by sorbs, but
>> it is on the whitelist.
>>
>> Why is this not working?
> Wrong filename
>
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_invalid_hostname,
>> reject_unknown_recipient_domain,
>> reject_unauth_destination,
>> reject_invalid_helo_hostname,
>> reject_non_fqdn_helo_hostname,
>> *check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,*
> cidr:/usr/local/etc/postfix/postfix-dnswl-permit
>
>> server# grep -C 5 '74.125.82.180' /usr/local/etc/postfix/postfix-permit
> /usr/local/etc/postfix/postfix-permit
>
Thanks, figured it would be something obvious I was missing.

Both files actually exist, but postfix-permit is the one being updated.
postfix-dnswl-permit was being checked, but was far out of date.
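
Added example, not part of the original thread: a small check that takes the cidr: table path from the check_client_access entry in main.cf, rather than from memory, and looks the client IP up in every candidate table, which exposes the mismatch diagnosed above. The main.cf excerpt and table contents are constructed samples modelled on the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input modelled on the thread (not the poster's real files).
MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,
    reject_rbl_client dnsbl.sorbs.net
"""
# path -> file contents; stands in for reading both files from disk
TABLES = {
    "/usr/local/etc/postfix/postfix-dnswl-permit":      # stale copy
        "# old list\n74.125.83.44/32 permit_auth_destination\n",
    "/usr/local/etc/postfix/postfix-permit":            # copy being updated
        "74.125.82.187/32 permit_auth_destination\n"
        "74.125.82.180/32 permit_auth_destination\n",
}

def configured_cidr_maps(main_cf):
    """Return the cidr: table paths that check_client_access actually names."""
    return re.findall(r"check_client_access\s+cidr:([^\s,]+)", main_cf)

def cidr_lookup(table_text, client_ip):
    """First-match lookup over 'pattern action' lines; returns action or None.
    Simplified: negated patterns and if/endif blocks are not handled."""
    ip = ipaddress.ip_address(client_ip)
    for line in table_text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                      # blank line, comment, or no action
        if ip in ipaddress.ip_network(fields[0], strict=False):
            return fields[1].strip()
    return None

def explain(main_cf, tables, client_ip):
    """Map each table path to (named in main.cf?, action for client_ip)."""
    used = set(configured_cidr_maps(main_cf))
    return {path: (path in used, cidr_lookup(text, client_ip))
            for path, text in tables.items()}

if __name__ == "__main__":
    for path, (used, action) in explain(MAIN_CF, TABLES, "74.125.82.180").items():
        print(f"{path}: configured={used} result={action}")
```

On a live server, `postmap -q 74.125.82.180 cidr:/usr/local/etc/postfix/postfix-dnswl-permit` queries the configured table directly and prints nothing when the address has no entry.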