Postfix+rbl restrictions-postmaster/abuse not getting complaints
 

running postfix on debian etch. I want postmaster or at least abuse account to be able to receive emails regarding false postive claims from rbls.
current main.cf:
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/cbl_exceptions
reject_rbl_client cbl.abuseat.org,
reject_rbl_client korea.blackholes.us,
reject_rbl_client russia.blackholes.us,
reject_rbl_client china.blackholes.us,
reject_rbl_client taiwan.blackholes.us,
reject_rbl_client nigeria.blackholes.us,
reject_rbl_client argentina.blackholes.us,
reject_rbl_client brazil.blackholes.us,
reject_rbl_client thailand.blackholes.us,
reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/helo_client_exceptions
reject_invalid_helo_hostname,
warn_if_reject,
reject_non_fqdn_helo_hostname,
warn_if_reject,
reject_unknown_helo_hostname
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_mynetworks,
check_recipient_access hash:/etc/postfix/postmaster,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
permit_mynetworks,
reject_unauth_destination,
reject_unknown_recipient_domain,
permit
______________________________________________________
contents of /etc/postfix/postmaster:
postmaster@ OK
abuse@ OK
______________________________________________
How do I insure abuse account can be emailed if sender gets blocked?

What are "false postie claims"?

forgive the ONE letter slip

Ah! False positive! Got it. Ok, so what you might mean is that you sometimes get an unintended answer to an RBL query; perhaps your ISP gets involved and tries to be "helpful" by converting an empty DNS response to a pointer to one of their web servers, in effect giving a false positive. If this is your concern, here is something you can do. RBLs -- at least the ones I use -- publish a list of their possible responses, and what they mean. For example, Spamhaus' is here. So, if I were looking up an IP address on zen.spamhaus.org, I expect an answer in the range 127.0.0.2 - 127.0.0.11. You can test this by doing the lookup manually. To see whether the IP address a.b.c.d has an A-record with zen.spamhaus.org, execute If you're querying your ISP's DNS servers, you might get a (false positive) response, but it will not be in the expected range. Now, to tell postfix about the list of possible answers, you would put the following in main.cf:

No but thx for the information
I want someone that has had their email blocked be able to email abuse@mydomain.com.

Ah, sorry. I read your post again (did you change it from the first time?). Ok, so you have to whitelist the recipient (abuse) before acting on the rbl checks. You can do that by putting all restriction lists under smtpd_recpient_restrictions.

Moved the restrictions as suggested. Time will tell. Thank you

You're welcome. The point is that you need to have a rule to whitelist the abuse recipient early on, so it won't be subjected to any of the other access restrictions.

Carl - make sure you have not created an open relay. See: http://www.postfix.org/SMTPD_ACCESS_README.html#danger.

Thank You
Extremely valuable information. Adjustments made and relay test performed and server passed not an open relay.

Thanks.
 

Thanks for your such a informational post.
It's very nice and informational post.
Jimmy