Exempting submission from RBL lookups.

Viktor Dukhovni
[ You really must start a new thread when posting on a new topic.
  DO NOT reply to a previous message, that breaks message threading. ]

On Tue, Aug 21, 2018 at 11:32:57AM -0400, Fongaboo wrote:

> Last night, it would appear that zen.spamhaus.org started blacklisting a
> number of IPs assigned to Spectrum consumers, of which I am one.

That's fine, so long as you're not running an MTA on a dynamic
customer IP.

> When I tried telnetting to port 25 of my mail server and manually sending
> a message to one of our virtual mailboxes, I got this error:

Use port 587 for submission.

> 554 5.7.1 Service unavailable; Client host [<my-ip-address>] blocked using zen.spamhaus.org

This is expected.

> I tried putting a bunch of /8's that I know to be assigned to Spectrum,
> one of which my own IP was definitely within, into rbl_override. I then
> ran postmap rbl_override and restarted postfix.

Use port 587 for submission, require TLS and authentication, and
don't use RBL checks on that port.

See the commented out submission entry in the stock /etc/postfix/master.cf:

    #submission inet n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

adjust to suit your needs.
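
An added example, not part of the original post and not Postfix code: a small audit of master.cf that checks that an active submission entry requires TLS and SASL authentication and that none of its restriction lists still performs a DNSBL lookup. The function names and the `main_cf` dictionary (main.cf parameters supplied by the caller, expanded one level deep) are assumptions of this sketch, and only the plain `-o name=value` form is parsed.

```python
import re

REQUIRED = {"smtpd_tls_security_level": "encrypt", "smtpd_sasl_auth_enable": "yes"}
LISTS = ["smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_recipient_restrictions"]
DNSBL = re.compile(r"\breject_(rbl_client|rhsbl_\w+)\b")

def parse_master_cf(text):
    """Return {service: {param: value}} from plain '-o name=value' overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        fields = raw.split()
        if not raw[0].isspace():          # column 0: a new service definition
            current = services.setdefault(fields[0], {})
            fields = fields[8:]           # skip 7 fixed columns + command name
        for flag, arg in zip(fields, fields[1:]):
            if flag == "-o" and "=" in arg and current is not None:
                name, value = arg.split("=", 1)
                current[name] = value
    return services

def audit_submission(master_cf, main_cf=None, service="submission"):
    """Return findings; an empty list means the entry matches the advice."""
    main_cf = main_cf or {}               # main.cf values for $name references
    opts = parse_master_cf(master_cf).get(service)
    if opts is None:
        return [f"no active '{service}' entry (still commented out?)"]
    findings = [f"{k} should be {v}" for k, v in REQUIRED.items() if opts.get(k) != v]
    for name in LISTS:
        if name not in opts:              # no override: main.cf checks apply here too
            findings.append(f"{name} not overridden, inherits main.cf")
            continue
        value = re.sub(r"\$(\w+)", lambda m: main_cf.get(m.group(1), ""), opts[name])
        if DNSBL.search(value):
            findings.append(f"{name} performs a DNSBL lookup: {value}")
    return findings

# Constructed sample: the stock entry quoted above, uncommented and trimmed.
SAMPLE = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
"""
```

Calling `audit_submission(SAMPLE, {"mua_client_restrictions": "reject_rbl_client zen.spamhaus.org"})` reports the client restriction list, which is the case where the RBL check was copied into the MUA restrictions by mistake.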