Today I discovered that my mail server is rejecting smtps connections based upon RBL.

Example:

Sep 28 17:44:40 nyi postfix/smtpd[20073]: NOQUEUE: reject: CONNECT from pool-151-197-20-211.phil.east.verizon.net[151.197.20.211]: 554 5.7.1 Service unavailable; Client host [151.197.20.211] blocked using dnsbl.njabl.org; 1045929907; proto=SMTP

I'd rather not restrict smtps connections. Either they authenticate or they do not. That is enough for me.

My smtps service is defined through this (slightly altered) master.cf entry:

10.11.12.13:smtps inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_cert_file=/usr/local/etc/postfix-config/CERTS/nyi.example.org.cert
  -o smtpd_tls_key_file=/usr/local/etc/postfix-config/CERTS/nyi.example.org.nopassword.key

In main.cf, I find these references to njabl.org. I would prefer to keep these smtp restrictions in place.

maps_rbl_domains = dnsbl.njabl.org

smtpd_client_restrictions = sleep 1, reject_unauth_pipelining, hash:/usr/local/etc/postfix-config/main/access,
                            reject_rbl_client dnsbl.njabl.org,
                            permit_mynetworks

smtpd_helo_restrictions = hash:/usr/local/etc/postfix-config/main/access,
                            reject_rbl_client dnsbl.njabl.org,
                            permit_mynetworks

smtpd_sender_restrictions = hash:/usr/local/etc/postfix-config/main/access,
                            reject_rbl_client dnsbl.njabl.org,
                            permit_mynetworks,
                            reject_unknown_sender_domain


My first attempt at solving this issue involved adding these lines to the master.cf entry. These seemed to have no effect.

  -o maps_rbl_domains=
  -o smtpd_client_restrictions=sleep 1, reject_unauth_pipelining, permit_mynetworks
  -o smtpd_helo_restrictions=permit_mynetworks
  -o smtpd_sender_restrictions=permit_mynetworks

Clues please?

--
Dan Langille
http://langille.org/
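
One thing to check in overrides like the ones above, shown as an added example that is not part of the original post: master.cf splits a service's command arguments on whitespace, so an `-o name=value` whose value contains spaces reaches smtpd as several separate arguments. The function names are hypothetical, the sample is constructed from the entry quoted in the post, and the `{ }` grouping syntax of Postfix 3.0 and later is not handled.

```python
# Constructed sample: the smtps entry plus the attempted overrides from the post.
SAMPLE_MASTER_CF = """\
10.11.12.13:smtps inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o maps_rbl_domains=
  -o smtpd_client_restrictions=sleep 1, reject_unauth_pipelining, permit_mynetworks
  -o smtpd_helo_restrictions=permit_mynetworks
  -o smtpd_sender_restrictions=permit_mynetworks
"""

def logical_lines(text):
    """Yield master.cf logical lines; a line starting with whitespace continues the previous one."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def lint_overrides(text):
    """Return (service, parameter, problem) for each -o override damaged by whitespace."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        service, args = fields[0], fields[8:]  # fields[7] is the command name
        last, i = None, 0  # last = name of the most recent -o parameter
        while i < len(args):
            tok = args[i]
            if tok == "-o" and i + 1 < len(args):
                last, eq, _ = args[i + 1].partition("=")
                if not eq:
                    findings.append((service, last, "no '=' attached to the name"))
                i += 2
            elif last is not None and not tok.startswith("-"):
                findings.append((service, last, f"value split, stray argument {tok!r}"))
                i += 1
            else:
                last, i = None, i + 1  # some other flag; not part of an -o value
    return findings

if __name__ == "__main__":
    for service, param, problem in lint_overrides(SAMPLE_MASTER_CF):
        print(f"{service}: {param}: {problem}")
```

For values that need spaces, master(5) suggests using commas instead or writing `-o name=$override_parameter` with the override parameter defined in main.cf.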



