LinuxQuestions.org


rointy 01-14-2007 08:33 PM

rbl problem with postfix-amavisd-spamassassin
 
I'm running into problems trying to use rbl blocking for spam. Running postfix, amavisd-new, and spamassassin. All mail seems to get blocked. I get the following line in the log file:

Quote:

Service unavailable; Client host [68.142.236.173] blocked using zen.spamhaus.org

This was mail I sent to myself from Yahoo mail. When I go to zen.spamhaus.org the IP address is not on any of the block lists. Same happens no matter what the IP address from Yahoo mail.

Any ideas what to do?


Here's what I have in my main.cf file:
Code:

    smtpd_recipient_restrictions =
      permit_mynetworks,
      reject_unknown_sender_domain,
      reject_unknown_recipient_domain,
      reject_unauth_destination,
      reject_rbl_client zen.spamhaus.org,
      permit

master.cf:

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#              (yes)  (yes)  (yes)  (never) (100)
# ==========================================================================
smtp      inet  n      -      y      -      -      smtpd    -v

pickup  fifo    n      -      y      60      1      pickup
cleanup unix    n      -      y      -      0      cleanup
qmgr    fifo    n      -      y      300    1      qmgr
tlsmgr  unix    -      -      y      1000?  1      tlsmgr
rewrite unix    -      -      y      -      -      trivial-rewrite
bounce  unix    -      -      y      -      0      bounce
defer  unix    -      -      y      -      0      bounce
trace  unix    -      -      y      -      0      bounce
verify  unix    -      -      y      -      1      verify
flush  unix    n      -      y      1000?  0      flush
proxymap        unix    -      -      y      -      -      proxymap
smtp    unix    -      -      y      -      -      smtp    -v
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay  unix    -      -      y      -      -      smtp
        -o      fallback_relay=                y
#      -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq  unix    n      -      y      -      -      showq
error  unix    -      -      y      -      -      error
discard unix    -      -      y      -      -      discard
local    unix  -      n      n      -      -      local
virtual unix    -      n      y      -      -      virtual

lmtp    unix    -      -      y      -      -      lmtp
anvil  unix    -      -      y      -      1      anvil
scache  unix    -      -      y      -      1      scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================

# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -      n      n      -      -      pipe 
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -      n      n      -      -      pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus    unix  -      n      n      -      -      pipe 
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#     
# Other external delivery methods.
#
ifmail    unix  -      n      n      -      -      pipe 
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp    unix  -      n      n      -      -      pipe 

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


 


################################################################
##########      Added 12/25/06 for SpamAssassin    ###########
################################################################

smtp-amavis unix - - n - 2 smtp              -v
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
      -o max_use=20
127.0.0.1:10025 inet n - y - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


If I use reject_rbl_client sbl-xbl.spamhaus.org the mail doesn't go through.

Increasing the output for the log file I get the following:

Quote:

>> START Recipient address RESTRICTIONS <<<
[26210]: generic_checks: name=permit_mynetworks
[26210]: permit_mynetworks: web58410.mail.re3.yahoo.com 68.142.236.178
[26210]:match_hostname: web58410.mail.re3.yahoo.com ~? 127.0.0.1/32
[26210]:match_hostaddr: 68.142.236.178 ~? 127.0.0.1/32
[26210]:match_hostname: web58410.mail.re3.yahoo.com ~? 192.168.1.0/24
[26210]:match_hostaddr: 68.142.236.178 ~? 192.168.1.0/24
[26210]:match_list_match: web58410.mail.re3.yahoo.com: no match
[26210]:match_list_match: 68.142.236.178: no match
[26210]:
[26210]:generic_checks: name=permit_mynetworks status=0
[26210]:generic_checks: name=reject_unknown_sender_domain
[26210]:reject_unknown_address: test@yahoo.com
[26210]:ctable_locate: move existing entry key test@yahoo.com
[26210]:reject_unknown_mailhost: yahoo.com
[26210]:lookup yahoo.com type MX flags 0
[26210]:dns_query: yahoo.com (MX): OK
[26210]:dns_get_answer: type MX for yahoo.com
[26210]:dns_get_answer: type MX for yahoo.com
[26210]: dns_get_answer: type MX for yahoo.com
[26210]:dns_get_answer: type MX for yahoo.com
[26210]:dns_get_answer: type MX for yahoo.com
[26210]:dns_get_answer: type MX for yahoo.com
[26210]:dns_get_answer: type MX for yahoo.com
[26210]:generic_checks: name=reject_unknown_sender_domain status=0
[26210]:generic_checks: name=reject_unknown_recipient_domain
[26210]:reject_unknown_address: me@mydomain.com
[26210]:ctable_locate: move existing entry key me@mydomain.com
[26210]:generic_checks: name=reject_unknown_recipient_domain status=0
[26210]:generic_checks: name=reject_unauth_destination
[26210]:reject_unauth_destination: me@mydomain.com
[26210]permit_auth_destination: me@myhdomain.com
[26210]:ctable_locate: leave existing entry key me@mydomain.com
[26210]:generic_checks: name=reject_unauth_destination status=0
[26210]:generic_checks: name=reject_rbl_client
[26210]:reject_rbl: Client host 68.142.236.178
[26210]:dns_query: 178.236.142.68.sbl-xlb.spamhaus.org (A): OK
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]: dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_query: 178.236.142.68.sbl-xlb.spamhaus.org (TXT): Host not found
[26210]:ctable_locate: install entry key 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:NOQUEUE: reject: RCPT from web58410.mail.re3.yahoo.com[68.142.236.178]:
554 5.7.1 Service unavailable; Client host [68.142.236.178]
blocked using sbl-xlb.spamhaus.org; from=<test@yahoo.com>
to=<me@mydomain.com> proto=SMTP helo=<web58410.mail.re3.yahoo.com>
[26210]:generic_checks: name=reject_rbl_client status=2
[26210]: > web58410.mail.re3.yahoo.com[68.142.236.178]:
554 5.7.1 Service unavailable; Client host
[68.142.236.178] blocked using sbl-xlb.spamhaus.org
[26210]:< web58410.mail.re3.yahoo.com[68.142.236.178]: QUIT
[26210]:> web58410.mail.re3.yahoo.com[68.142.236.178]: 221 2.0.0 Bye
[26210]:match_hostname: web58410.mail.re3.yahoo.com ~? 127.0.0.1/32
[26210]:match_hostaddr: 68.142.236.178 ~? 127.0.0.1/32
[26210]:match_hostname: web58410.mail.re3.yahoo.com ~? 192.168.1.0/24
[26210]:match_hostaddr: 68.142.236.178 ~? 192.168.1.0/24
[26210]:match_hostaddr: 68.142.236.178 ~? 192.168.1.0/24
[26210]:match_list_match: web58410.mail.re3.yahoo.com: no match
[26210]:match_list_match: 68.142.236.178: no match
[26210]:send attr request = disconnect
[26210]:send attr ident = smtp:68.142.236.178
[26210]private/anvil: wanted attribute: status
[26210]:input attribute name: status
[26210]:input attribute value: 0
[26210]private/anvil: wanted attribute: (list terminator)
[26210]:input attribute name: (end)
[26210]:disconnect from web58410.mail.re3.yahoo.com[68.142.236.178]
[26210]:master_notify: status 1
[26210]: connection closed

rointy 01-15-2007 11:16 PM

Working
 
Without changing anything, the rbl now works. Can't understand what changed. Didn't edit any files, didn't reboot, didn't comment out anything.

Berhanie 01-16-2007 12:26 AM

Something screwy's going on. A few hours ago, I did a lookup of 178.236.142.68.sbl-xlb.spamhaus.org and got several A records in the 209.x.x.x range. According to the spamhaus site, they should all be in the 127.0.0.x range. Seems to be okay now.

rointy 01-23-2007 09:00 AM

Quote:

Originally Posted by Berhanie
Something screwy's going on. <snip> Seems to be okay now.

I think things are working, but I can't tell if I'm NOT getting mail. And I'm not using zen.spamhaus.org. If spamhaus is having trouble, I wouldn't think it would be blocking valid mail. There haven't been any other messages I could find about similar problems.

Berhanie 01-23-2007 11:01 AM

Quote:

If spamhaus is having trouble, I wouldn't think it would be blocking valid mail.

Spamhaus never blocks mail. All it does is return an A record, if one exists. By default, when using reject_rbl_client, Postfix rejects mail on return of any A record. To reject mail only for specific A records, you can put:
Code:

smtpd_recipient_restrictions =
  ...
  reject_rbl_client zen.spamhaus.org=127.0.0.2
  reject_rbl_client zen.spamhaus.org=127.0.0.4
  reject_rbl_client zen.spamhaus.org=127.0.0.5
  ...

The A records that indicate rejection are mentioned here.

rointy 01-25-2007 02:24 AM

Quote:

Originally Posted by Berhanie
Spamhaus never blocks mail. All it does is return an A record, if one exists. By default, when using reject_rbl_client, Postfix rejects mail on return of any A record.

You're right. It's true that spamhaus wasn't blocking the mail. Postfix rejected the mail based on the response to running a query at spamhaus. The log I posted showed the reject line.

Things are still working and I don't know why they weren't. Any clue from the log I posted earlier?

Berhanie 01-25-2007 11:01 AM

As to what the log you posted shows, it confirms that an A record was returned from spamhaus (hence the mail was rejected):

Code:

>> START Recipient address RESTRICTIONS <<<
[26210]: generic_checks: name=permit_mynetworks
[26210]: permit_mynetworks: web58410.mail.re3.yahoo.com 68.142.236.178
...
[26210]:reject_rbl: Client host 68.142.236.178
[26210]:dns_query: 178.236.142.68.sbl-xlb.spamhaus.org (A): OK
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]: dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org
[26210]:dns_get_answer: type A for 178.236.142.68.sbl-xlb.spamhaus.org

And, here's a sample from my logs, showing an unsuccessful query for a yahoo host against spamhaus (hence mail is accepted):

Code:

Jan 15 18:11:16 machine postfix/smtpd[5412]: >>> START Client host RESTRICTIONS <<<
Jan 15 18:11:16 machine postfix/smtpd[5412]: generic_checks: name=permit_mynetworks
Jan 15 18:11:16 machine postfix/smtpd[5412]: permit_mynetworks: web34504.mail.mud.yahoo.com 66.163.178.170
...
Jan 15 18:11:16 machine postfix/smtpd[5412]: reject_rbl: Client host 66.163.178.170
Jan 15 18:11:16 machine postfix/smtpd[5412]: dns_query: 170.178.163.66.sbl-xbl.spamhaus.org (A): Host not found

Unfortunately, it's happening again. I just did another lookup:

Code:

berhanie@machine:~$ host 68.142.236.178
178.236.142.68.in-addr.arpa domain name pointer web58410.mail.re3.yahoo.com.
berhanie@machine:~$ host 178.236.142.68.sbl-xlb.spamhaus.org
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.90
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.91
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.92
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.93
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.94
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.95
Host 178.236.142.68.sbl-xlb.spamhaus.org not found: 3(NXDOMAIN)
Host 178.236.142.68.sbl-xlb.spamhaus.org not found: 3(NXDOMAIN)
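
Added example (not written by any poster in this thread): a Python check for the situation discussed above, where a DNSBL lookup returns A records outside 127.0.0.x and a bare reject_rbl_client still rejects on them. The function names are hypothetical, the sample `host` output is copied from the last post, and `would_reject` only models the behaviour as described in the thread; it is not Postfix code.

```python
import ipaddress
import re

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # range the thread says answers belong in

# `host` output copied from the last post in the thread (first three records).
HOST_OUTPUT = """\
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.90
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.91
178.236.142.68.sbl-xlb.spamhaus.org has address 209.86.66.92
"""

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone, as in the smtpd log."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def parse_host_output(text, qname):
    """Collect the A records that `host` printed for qname."""
    pat = re.compile(r"^" + re.escape(qname) + r" has address (\S+)$", re.M)
    return [ipaddress.IPv4Address(a) for a in pat.findall(text)]

def classify(answers):
    """No A record: not listed. All in 127.0.0.0/8: listed. Anything else: suspect."""
    if not answers:
        return "not-listed"
    if all(a in LOOPBACK for a in answers):
        return "listed"
    return "suspect-response"

def would_reject(answers, only=None):
    """Model of the thread's description: a bare reject_rbl_client rejects on any
    A record; with zone=addr, only that exact address triggers the reject."""
    if only is None:
        return bool(answers)
    return ipaddress.IPv4Address(only) in answers

def demo():
    qname = dnsbl_query_name("68.142.236.178", "sbl-xlb.spamhaus.org")
    answers = parse_host_output(HOST_OUTPUT, qname)
    return (qname, classify(answers),
            would_reject(answers), would_reject(answers, only="127.0.0.2"))

if __name__ == "__main__":
    print(demo())
```

In the logs above, every lookup that returned 209.x addresses is for `sbl-xlb.spamhaus.org`, while the `Host not found` lookup in Berhanie's smtpd log is for `sbl-xbl.spamhaus.org`. A response classified as suspect points at the zone name or the resolver path rather than at a real listing.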



All times are GMT -5.