Postfix+rbl restrictions-postmaster/abuse not getting complaints
running postfix on debian etch. I want postmaster or at least abuse account to be able to receive emails regarding false postive claims from rbls.
current main.cf: smtpd_client_restrictions = check_client_access hash:/etc/postfix/cbl_exceptions reject_rbl_client cbl.abuseat.org, reject_rbl_client korea.blackholes.us, reject_rbl_client russia.blackholes.us, reject_rbl_client china.blackholes.us, reject_rbl_client taiwan.blackholes.us, reject_rbl_client nigeria.blackholes.us, reject_rbl_client argentina.blackholes.us, reject_rbl_client brazil.blackholes.us, reject_rbl_client thailand.blackholes.us, reject_rbl_client bl.spamcop.net smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/helo_client_exceptions reject_invalid_helo_hostname, warn_if_reject, reject_non_fqdn_helo_hostname, warn_if_reject, reject_unknown_helo_hostname smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/postmaster, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, permit ______________________________________________________ contents of /etc/postfix/postmaster: postmaster@ OK abuse@ OK ______________________________________________ How do I insure abuse account can be emailed if sender gets blocked? |
What are "false postie claims"?
|
Quote:
|
Ah! False positive! Got it. Ok, so what you might mean is that you sometimes get an unintended answer to an RBL query; perhaps your ISP gets involved and tries to be "helpful" by converting an empty DNS response to a pointer to one of their web servers, in effect giving a false positive. If this is your concern, here is something you can do. RBLs -- at least the ones I use -- publish a list of their possible responses, and what they mean. For example, Spamhaus' is here. So, if I were looking up an IP address on zen.spamhaus.org, I expect an answer in the range 127.0.0.2 - 127.0.0.11. You can test this by doing the lookup manually. To see whether the IP address a.b.c.d has an A-record with zen.spamhaus.org, execute
Code:
dig d.c.b.a.zen.spamhaus.org Code:
smtpd_client_restrictions = |
No but thx for the information
I want someone that has had their email blocked be able to email abuse@mydomain.com. |
Ah, sorry. I read your post again (did you change it from the first time?). Ok, so you have to whitelist the recipient (abuse) before acting on the rbl checks. You can do that by putting all restriction lists under smtpd_recpient_restrictions.
|
Moved the restrictions as suggested. Time will tell. Thank you
|
You're welcome. The point is that you need to have a rule to whitelist the abuse recipient early on, so it won't be subjected to any of the other access restrictions.
|
Carl - make sure you have not created an open relay. See: http://www.postfix.org/SMTPD_ACCESS_README.html#danger.
|
Thank You
Extremely valuable information. Adjustments made and relay test performed and server passed not an open relay. |
Thanks.
Thanks for your such a informational post.
It's very nice and informational post. Jimmy |
All times are GMT -5. The time now is 11:37 PM. |