We run a private RBL, jerks.viabit.com, and check against it as well as
four other lists at SMTP time. Occasionally, I'll get a false positive
due to blocking an entire /24 and want to whitelist them from our
private RBL check but not against e.g. Spamhaus. I'm doing something
wrong w.r.t. restriction classes.

Here's what I think is relevant (full postconf -n at the end). Some
paths were shortened to avoid line wrapping:

  smtpd_restriction_classes = all_rbls, public_rbls

  all_rbls =
         reject_rbl_client jerks.viabit.com,
         reject_rbl_client psbl.surriel.com,
         reject_rbl_client bl.spamcop.net,
         reject_rbl_client zen.spamhaus.org,
         reject_rbl_client b.barracudacentral.org

  public_rbls =
         reject_rbl_client psbl.surriel.com,
         reject_rbl_client bl.spamcop.net,
         reject_rbl_client zen.spamhaus.org,
         reject_rbl_client b.barracudacentral.org

  smtpd_recipient_restrictions =
        reject_unauth_destination,
        reject_unlisted_recipient,
        check_recipient_access hash:/<fudged>/recipient_verify_domains,
        check_recipient_access hash:/etc/postfix/maps/rfc_addresses,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_sender,
        reject_unknown_reverse_client_hostname,
        reject_unknown_sender_domain,
        check_client_access pcre:/<fudged>/generic_rbl_clients.pcre,
        check_sender_access hash:/etc/postfix/maps/backscatter_senders,
        reject_rhsbl_client dbl.spamhaus.org,
        reject_rhsbl_helo   dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        check_policy_service unix:private/policyd-spf,
        check_policy_service unix:private/postgrey,
        permit

The content of generic_rbl_clients.pcre:

  # sutton-partners.com
  /^64\.191\.79\.245$/            public_rbls

  # mabel.ca
  /^70\.38\.108\.42$/             public_rbls

  # dsnews.com
  /^209\.172\.40\.21[157]$/       public_rbls

  # Default: check these lists.
  #
  /./                             all_rbls

However, 64.191.79.245 is still being subjected to the private RBL check:

  Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from
  unknown[64.191.79.245]

  Sep 23 10:05:44 mx1 postfix/smtpd[12164]: NOQUEUE: reject: RCPT from
  unknown[64.191.79.245]: 554 5.7.1 Service unavailable; Client host
  [64.191.79.245] blocked using jerks.viabit.com; You've been sending
  us spam. If you feel this is a mistake, please contact
  ab...@viabit.com.; from=<sen...@ntcmd.com>
  to=<u...@example.com> proto=ESMTP
  helo=<3dr.juicebox360.com>

  Sep 23 10:05:54 mx1 postfix/smtpd[12164]: disconnect from
  unknown[64.191.79.245]

I've restarted Postfix. What did I screw up?


# postconf -n
address_verify_positive_expire_time = 7d
address_verify_positive_refresh_time = 3h
address_verify_sender = postmas...@viabit.com
append_dot_mydomain = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisd-new:localhost:10024
disable_vrfy_command = yes
inet_interfaces = 127.0.0.1, 65.246.80.15
local_recipient_maps =
local_transport = error:local mail delivery is disabled.
message_size_limit = 100000000
multi_instance_directories = /etc/postfix-fax1
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
mydestination =
mydomain = viabit.com
myhostname = mx1.viabit.com
mynetworks_style = host
relay_domains = hash:/etc/postfix/maps/relay_domains,
hash:/etc/postfix/maps/relay_domains-permanent,
proxy:pgsql:/etc/postfix/maps/relay_domains.pgsql
relay_recipient_maps = hash:/etc/postfix/maps/relay_recipient_maps,
hash:/etc/postfix/maps/relay_recipient_maps-permanent,
proxy:pgsql:/etc/postfix/maps/relay_recipient_maps.pgsql
relayhost = mail1.viabit.com
show_user_unknown_table_name = no
smtp_discard_ehlo_keywords = dsn
smtp_mx_session_limit = 3
smtpd_data_restrictions = reject_unauth_pipelining,     permit
smtpd_discard_ehlo_keywords = dsn
smtpd_error_sleep_time = 10
smtpd_etrn_restrictions = reject
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_junk_command_limit = 3
smtpd_recipient_restrictions = reject_unauth_destination,
reject_unlisted_recipient,      check_recipient_access
hash:/etc/postfix/maps/recipient_verify_domains,        check_recipient_access
hash:/etc/postfix/maps/rfc_addresses,
reject_non_fqdn_helo_hostname,        reject_invalid_helo_hostname,
reject_non_fqdn_sender, reject_unknown_reverse_client_hostname,
reject_unknown_sender_domain,   check_client_access
pcre:/etc/postfix/maps/generic_rbl_clients.pcre,        check_sender_access
hash:/etc/postfix/maps/backscatter_senders,     reject_rhsbl_client
dbl.spamhaus.org,       reject_rhsbl_helo   dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,   check_policy_service
unix:private/policyd-spf,       check_policy_service unix:private/postgrey,     
permit
smtpd_restriction_classes = all_rbls, public_rbls
smtpd_soft_error_limit = 2
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport_maps
unknown_client_reject_code = 550
unverified_recipient_reject_code = 550
virtual_transport = error:virtual mail delivery is disabled.
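
An added example, not part of the original post: access(5) documents that check_client_access searches for the client hostname before the client IP address, and regexp tables are handed each key whole, so this simplified Python model replays the posted pcre table for the logged client unknown[64.191.79.245]. The address-only catch-all in ADDRESS_ONLY_TABLE and the function names are assumptions made for illustration, not Postfix APIs or the poster's configuration.

```python
import re

# The posted generic_rbl_clients.pcre, in file order (first match wins).
PCRE_TABLE = [
    (r"^64\.191\.79\.245$", "public_rbls"),       # sutton-partners.com
    (r"^70\.38\.108\.42$", "public_rbls"),        # mabel.ca
    (r"^209\.172\.40\.21[157]$", "public_rbls"),  # dsnews.com
    (r".", "all_rbls"),                           # default catch-all
]

# Hypothetical alternative (an assumption, not from the post): a catch-all
# that can only match a dotted IPv4 address, so a hostname key never hits it.
ADDRESS_ONLY_TABLE = PCRE_TABLE[:-1] + [(r"^\d+\.\d+\.\d+\.\d+$", "all_rbls")]


def table_lookup(table, key):
    """Regexp tables see the whole key once; the first matching rule wins."""
    for pattern, action in table:
        if re.search(pattern, key, re.IGNORECASE):
            return action
    return None


def check_client_access(table, client_name, client_addr):
    """Simplified model of the access(5) order: hostname first, then address."""
    for key in (client_name, client_addr):
        action = table_lookup(table, key)
        if action is not None:
            return key, action
    return None, None


if __name__ == "__main__":
    # Client identity taken from the log line: unknown[64.191.79.245]
    for label, table in (("posted table", PCRE_TABLE),
                         ("address-only catch-all", ADDRESS_ONLY_TABLE)):
        key, action = check_client_access(table, "unknown", "64.191.79.245")
        print(f"{label}: matched on {key!r} -> {action}")
```

On a live system the same two keys can be checked against the real map with `postmap -q unknown pcre:<path>` and `postmap -q 64.191.79.245 pcre:<path>`.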
