Hiya,
We have had this setting on a mail server for a long time.
smtpd_recipient_restrictions =
permit_sasl_authenticated
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
reject_multi_recipient_bounce
reject_non_fqdn_hostname
reject_invalid_hostname
reject_rbl_client bl.spamcop.net
reject_rbl_client sbl.spamhaus.org
reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
Today, about 80% of emails started getting bounced back with:
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.psctraining.co.uk
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
[80.177.179.85] blocked using bl.spamcop.net
So we commented out the spamcop line... then we got
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.psctraining.co.uk
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
[80.177.179.85] blocked using sbl.spamhaus.org
So we commented out the spamhaus line... then we got
<kbai...@psctraining.co.uk>: host mail.psctraining.co.uk[217.45.142.233] said:
554 5.7.1 Service unavailable; Sender address [kbai...@freewayprojects.com]
blocked using dsn.rfc-ignorant.org (in reply to RCPT TO command)
Then we commented out the rfc-ignorant.org line and the mail is getting
through. So the restrictions line now looks like:
smtpd_recipient_restrictions =
permit_sasl_authenticated
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
reject_multi_recipient_bounce
reject_non_fqdn_hostname
reject_invalid_hostname
# nstone - 03/03/2009
# commented to bypass the blacklists
# reject_rbl_client bl.spamcop.net
# reject_rbl_client sbl.spamhaus.org
# reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
OK. We don't have full access to the routers etc. We also can no
longer access the web interface for their router which is on ports 81
and 445.
My feeling is that something has changed with their firewall or traffic.
Now, if Postfix can not connect to bl.spamcop.net would it reject the
mail by default? Also, to test this connection - what port does Postfix
try to connect to bl.spamcop.net on? - we could then try telnet to test
the connection. Also, what port(s) does bl.spamcop.net connect back
on? Maybe these are firewalled.
Obviously, we're up and running again with the lines commented out - but
we would like to
use the spam databases.
Thanks for any help.
Kevin Bailey
