postscreen with IP-ranges?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

postscreen with IP-ranges?

Roland Freikamp
Hi,

I'm using postscreen on a mailserver.

Unfortunately, this does not work with some bigger mail providers, since
they send the mail from a random host in their mail-server-cluster, so
postscreen sees a new IP for each retry, and so sometimes never accepts
the mail.

Is there a way around this?
Is it possible to e.g. match against x.x.x.x/24 instead of the exact IP?


Thanks
Roland
Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

Wietse Venema
Roland Freikamp:

> Hi,
>
> I'm using postscreen on a mailserver.
>
> Unfortunately, this does not work with some bigger mail providers, since
> they send the mail from a random host in their mail-server-cluster, so
> postscreen sees a new IP for each retry, and so sometimes never accepts
> the mail.
>
> Is there a way around this?

Yes.

DO NOT TURN ON AFTER-220 TESTS.

        Wietse

> Is it possible to e.g. match against x.x.x.x/24 instead of the exact IP?
>
>
> Thanks
> Roland
>
Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

Matus UHLAR - fantomas
In reply to this post by Roland Freikamp
On 12.11.19 12:26, Roland Freikamp wrote:
>I'm using postscreen on a mailserver.
>
>Unfortunately, this does not work with some bigger mail providers, since
>they send the mail from a random host in their mail-server-cluster, so
>postscreen sees a new IP for each retry, and so sometimes never accepts
>the mail.

what reason are they refesed with?  You can whitelist their IP ranges
locally or use DNS whitelists that contain their IPs

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

Jaroslaw Rafa
In reply to this post by Roland Freikamp
Dnia 12.11.2019 o godz. 12:26:51 Roland Freikamp pisze:
>
> I'm using postscreen on a mailserver.
>
> Unfortunately, this does not work with some bigger mail providers, since
> they send the mail from a random host in their mail-server-cluster, so
> postscreen sees a new IP for each retry, and so sometimes never accepts
> the mail.

I don't use postscreen, but I use postgrey, and my postgrey installation
came with a default /etc/postgrey/whitelist_clients file, which whitelists a
lot of such senders. I also found some myself and added them to
/etc/postgrey/whitelist_clients.local manually.

I guess postscreen should also have some whitelist mechanism?
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

John Schmerold

On 11/12/2019 6:27 AM, Jaroslaw Rafa wrote:

> Dnia 12.11.2019 o godz. 12:26:51 Roland Freikamp pisze:
>> I'm using postscreen on a mailserver.
>>
>> Unfortunately, this does not work with some bigger mail providers, since
>> they send the mail from a random host in their mail-server-cluster, so
>> postscreen sees a new IP for each retry, and so sometimes never accepts
>> the mail.
> I don't use postscreen, but I use postgrey, and my postgrey installation
> came with a default /etc/postgrey/whitelist_clients file, which whitelists a
> lot of such senders. I also found some myself and added them to
> /etc/postgrey/whitelist_clients.local manually.
>
> I guess postscreen should also have some whitelist mechanism?

I use Postwhite to build my whitelist, I don't like it, but I do like my
job. Postwhite helps keep the clients happy.


John Schmerold
Katy Computer Systems, Inc
https://katycomputer.com
St Louis

Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

Wietse Venema
In reply to this post by Jaroslaw Rafa
Jaroslaw Rafa:

> Dnia 12.11.2019 o godz. 12:26:51 Roland Freikamp pisze:
> >
> > I'm using postscreen on a mailserver.
> >
> > Unfortunately, this does not work with some bigger mail providers, since
> > they send the mail from a random host in their mail-server-cluster, so
> > postscreen sees a new IP for each retry, and so sometimes never accepts
> > the mail.
>
> I don't use postscreen, but I use postgrey, and my postgrey installation
> came with a default /etc/postgrey/whitelist_clients file, which whitelists a
> lot of such senders. I also found some myself and added them to
> /etc/postgrey/whitelist_clients.local manually.
>
> I guess postscreen should also have some whitelist mechanism?

And it does (postscreen_access_list).

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: postscreen with IP-ranges?

Peter Ajamian
In reply to this post by Roland Freikamp
You can whitelist with dnswl.org.  See:
http://rob0.nodns4.us/postscreen.html


Peter


On 13/11/19 12:26 AM, Roland Freikamp wrote:

> Hi,
>
> I'm using postscreen on a mailserver.
>
> Unfortunately, this does not work with some bigger mail providers, since
> they send the mail from a random host in their mail-server-cluster, so
> postscreen sees a new IP for each retry, and so sometimes never accepts
> the mail.
>
> Is there a way around this?
> Is it possible to e.g. match against x.x.x.x/24 instead of the exact IP?
>
>
> Thanks
> Roland
>