On 2024-01-31 at 03:32:20 UTC-0500 (Wed, 31 Jan 2024 09:32:20 +0100)
Matus UHLAR - fantomas via Postfix-users <uh...@fantomas.sk>
is rumored to have said:
> On 30.01.24 20:20, Israel britto via Postfix-users wrote:
>> Hello, I'm having a problem with Spamhaus that I don't know how to
>> solve.
>> Today I have 1 domain that uses 2 exclusive IPs 1.1.1.1 and 2.2.2.2
>> The PTR and rDNS entries are correctly configured:
>> 1.1.1.1 > a1.domain.com
>> 2.2.2.2 > a2.domain.com
>> a1.domain.com -> 1.1.1.1
>> a2.domain.com -> 2.2.2.2
>> My Postfix is behind a load balancer, which performs round-robin
>> balancing between these 2 IPs, however, my server is configured with
>> the helo -> xpto.com.br

That's almost certainly wrong. The HELO argument should be the
resolvable primary name associated with the actual client IP as it
connects to the server. In this case, that would be the outward-facing
IP of the load balancer.
# host xpto.com.br
xpto.com.br has address 186.202.157.79
xpto.com.br mail is handled by 20 mx.jk.locaweb.com.br.
xpto.com.br mail is handled by 10 mx.core.locaweb.com.br.
xpto.com.br mail is handled by 20 mx.a.locaweb.com.br.
xpto.com.br mail is handled by 20 mx.b.locaweb.com.br.
# host 186.202.157.79
Host 79.157.202.186.in-addr.arpa. not found: 3(NXDOMAIN)
So if your load balancer isn't at 186.202.157.79, the hosts behind it
should not be announcing themselves as xpto.com.br. If that is your load
balancer, you should fix its reverse DNS (i.e. a PTR record at
79.157.202.186.in-addr.arpa.)

>> Spamhaus is listing my IPs because it says that my HELO address is
>> not aligned with the rDNS of my IPs. Has anyone had this type of
>> problem and could help me with how to resolve it?
>
> I have never seen anyone having this problem, also I have never seen
> Spamhaus list an IP address because of this.

Neither have I, having used Spamhaus for their whole existence. However,
I am fairly sure that some of the signals that feed XBL (former CBL)
listings include signature HELO behaviors. It's not implausible that
using a HELO which looks like an intentional impersonation effort will
generate an XBL listing. I have no special knowledge of precisely how
that could happen, but I do see pure spam sources playing fraudulent
games with HELO.

> In fact, refusing mail because of HELO inconsistency is against all
> SMTP RFCs issued so far.

That's a very narrow prohibition, technically only against a simplistic
requirement that HELO must use a name that resolves to the client IP
with a matching PTR resolving the IP to the HELO name. It does not
prohibit blocking mail because of a HELO name which is formally invalid
(e.g. illegal name or authoritatively resolving otherwise) or a HELO
name that identifies a known bad actor.
Beyond that formal language issue, it is a simple fact that essentially
all systems doing effective spam control 'violate' RFCs in some ways.
Spam control is in conflict with the fundamental RFC purpose of maximal
interoperability.

> However, if your HELO string is invalid or not existing, it's somehow
> common for some servers to refuse mail from you.

Right. If you say "HELO ylmf-pc" or "EHLO USER" or various other
signature introductions to arbitrary MXs, your mail will not be
delivered in many places.

> Since you did not provide us with your real address nor the error
> message Spamhaus provides when you check for your IPs, it's really
> hard to help you.

Spamhaus doesn't control error messages...
I assume that anyone obfuscating IPs when seeking support on issues
directly related to specific IPs being blocklisted is trying to get
their spambots working. There's absolutely no excuse for it in 99% of
cases and it leads to random pointless speculation.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
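
Added example, not part of the original message and not code from Postfix or Spamhaus: a self-check of the alignment discussed in this thread, comparing the HELO name, the client IP as the receiving server sees it, and that IP's PTR. The function names, finding labels and dictionary-backed resolver are assumptions, and the DNS data is constructed from the records quoted in the thread.

```python
# Added example: HELO / rDNS alignment self-check. All DNS data is constructed
# from the records quoted in the thread; names below are hypothetical.
A_RECORDS = {                       # forward (A) records
    "a1.domain.com": ["1.1.1.1"],
    "a2.domain.com": ["2.2.2.2"],
    "xpto.com.br": ["186.202.157.79"],
}
PTR_RECORDS = {                     # reverse (PTR) records
    "1.1.1.1": ["a1.domain.com"],
    "2.2.2.2": ["a2.domain.com"],
    # no PTR for 186.202.157.79 (NXDOMAIN in the thread)
}

def lookup_a(name):
    return A_RECORDS.get(name, [])

def lookup_ptr(ip):
    return PTR_RECORDS.get(ip, [])

def norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()

def check_helo(client_ip, helo, a=lookup_a, ptr=lookup_ptr):
    """Return a list of findings; an empty list means HELO, A and PTR agree."""
    findings = []
    helo_n = norm(helo)
    if "." not in helo_n:
        findings.append("helo-not-fqdn")
    helo_ips = a(helo_n)
    if not helo_ips:
        findings.append("helo-unresolvable")
    elif client_ip not in helo_ips:
        findings.append("helo-resolves-elsewhere")
    ptr_names = [norm(n) for n in ptr(client_ip)]
    # Forward-confirmed rDNS: a PTR name counts only if it maps back to the IP.
    confirmed = [n for n in ptr_names if client_ip in a(n)]
    if not ptr_names:
        findings.append("client-no-ptr")
    elif not confirmed:
        findings.append("ptr-not-forward-confirmed")
    elif helo_n not in confirmed:
        findings.append("helo-differs-from-ptr")
    return findings

if __name__ == "__main__":
    for ip, helo in [("1.1.1.1", "xpto.com.br"), ("2.2.2.2", "a2.domain.com"),
                     ("186.202.157.79", "xpto.com.br"), ("1.1.1.1", "ylmf-pc")]:
        print(ip, helo, check_helo(ip, helo) or "aligned")
```

To run it against live DNS, pass resolver-backed functions as the `a` and `ptr` arguments in place of the dictionary lookups.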