We run a private RBL, jerks.viabit.com, and check against it as well as four other lists at SMTP time. Occasionally, I'll get a false positive due to blocking an entire /24 and want to whitelist them from our private RBL check but not against e.g. Spamhaus. I'm doing something wrong w.r.t. restriction classes.
Here's what I think is relevant (full postconf -n at the end). Some paths were shortened to avoid line wrapping:

smtpd_restriction_classes = all_rbls, public_rbls

all_rbls = reject_rbl_client jerks.viabit.com,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org

public_rbls = reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org

smtpd_recipient_restrictions = reject_unauth_destination,
    reject_unlisted_recipient,
    check_recipient_access hash:/<fudged>/recipient_verify_domains,
    check_recipient_access hash:/etc/postfix/maps/rfc_addresses,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_non_fqdn_sender,
    reject_unknown_reverse_client_hostname,
    reject_unknown_sender_domain,
    check_client_access pcre:/<fudged>/generic_rbl_clients.pcre,
    check_sender_access hash:/etc/postfix/maps/backscatter_senders,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    check_policy_service unix:private/policyd-spf,
    check_policy_service unix:private/postgrey,
    permit

The content of generic_rbl_clients.pcre:

# sutton-partners.com
/^64\.191\.79\.245$/ public_rbls

# mabel.ca
/^70\.38\.108\.42$/ public_rbls

# dsnews.com
/^209\.172\.40\.21[157]$/ public_rbls

# Default: check these lists.
#
/./ all_rbls

However, 64.191.79.245 is still being subjected to the private RBL check:

Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from unknown[64.191.79.245]
Sep 23 10:05:44 mx1 postfix/smtpd[12164]: NOQUEUE: reject: RCPT from unknown[64.191.79.245]: 554 5.7.1 Service unavailable; Client host [64.191.79.245] blocked using jerks.viabit.com; You've been sending us spam. If you feel this is a mistake, please contact ab...@viabit.com.; from=<sen...@ntcmd.com> to=<u...@example.com> proto=ESMTP helo=<3dr.juicebox360.com>
Sep 23 10:05:54 mx1 postfix/smtpd[12164]: disconnect from unknown[64.191.79.245]

I've restarted Postfix. What did I screw up?

# postconf -n
address_verify_positive_expire_time = 7d
address_verify_positive_refresh_time = 3h
address_verify_sender = postmas...@viabit.com
append_dot_mydomain = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisd-new:localhost:10024
disable_vrfy_command = yes
inet_interfaces = 127.0.0.1, 65.246.80.15
local_recipient_maps =
local_transport = error:local mail delivery is disabled.
message_size_limit = 100000000
multi_instance_directories = /etc/postfix-fax1
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
mydestination =
mydomain = viabit.com
myhostname = mx1.viabit.com
mynetworks_style = host
relay_domains = hash:/etc/postfix/maps/relay_domains, hash:/etc/postfix/maps/relay_domains-permanent, proxy:pgsql:/etc/postfix/maps/relay_domains.pgsql
relay_recipient_maps = hash:/etc/postfix/maps/relay_recipient_maps, hash:/etc/postfix/maps/relay_recipient_maps-permanent, proxy:pgsql:/etc/postfix/maps/relay_recipient_maps.pgsql
relayhost = mail1.viabit.com
show_user_unknown_table_name = no
smtp_discard_ehlo_keywords = dsn
smtp_mx_session_limit = 3
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_discard_ehlo_keywords = dsn
smtpd_error_sleep_time = 10
smtpd_etrn_restrictions = reject
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_junk_command_limit = 3
smtpd_recipient_restrictions = reject_unauth_destination, reject_unlisted_recipient, check_recipient_access hash:/etc/postfix/maps/recipient_verify_domains, check_recipient_access hash:/etc/postfix/maps/rfc_addresses, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain, check_client_access pcre:/etc/postfix/maps/generic_rbl_clients.pcre, check_sender_access hash:/etc/postfix/maps/backscatter_senders, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_policy_service unix:private/policyd-spf, check_policy_service unix:private/postgrey, permit
smtpd_restriction_classes = all_rbls, public_rbls
smtpd_soft_error_limit = 2
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport_maps
unknown_client_reject_code = 550
unverified_recipient_reject_code = 550
virtual_transport = error:virtual mail delivery is disabled.
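
The log above records the client as unknown[64.191.79.245], and access(5) documents that check_client_access searches a table for the client hostname before the client IP address, with regexp/pcre patterns applied to each whole key. The following Python model of that lookup order is an added example, not part of the original post and not Postfix code; it shows which key and which rule end up selecting the restriction class. The function names and the CORRECTED table (a default rule that only matches dotted-quad IPv4 keys) are assumptions made for illustration.

```python
import re

# Whitelist rules copied from the post's generic_rbl_clients.pcre (comments dropped).
WHITELIST = r"""
/^64\.191\.79\.245$/        public_rbls
/^70\.38\.108\.42$/         public_rbls
/^209\.172\.40\.21[157]$/   public_rbls
"""
# Default rule as posted: matches any non-empty key, hostnames included.
POSTED = WHITELIST + "/./ all_rbls\n"
# Constructed variant (assumption): default applies to IPv4 address keys only,
# so hostname keys such as "unknown" fall through to the address lookup.
# IPv6 clients would need their own rule.
CORRECTED = WHITELIST + r"/^\d{1,3}(\.\d{1,3}){3}$/ all_rbls" + "\n"


def parse(text):
    """Parse '/pattern/ result' lines; pcre tables are case-insensitive by default."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(\S+)$", line)
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, key):
    """First matching pattern wins, as in a pcre table."""
    for pattern, result in rules:
        if pattern.search(key):
            return result
    return None


def check_client_access(rules, hostname, addr):
    """Model of the documented order: client hostname first, then client address."""
    for key in (hostname, addr):
        result = lookup(rules, key)
        if result is not None:
            return key, result
    return None, None


if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, check_client_access(parse(table), "unknown", "64.191.79.245"))
```

On a live system, `postmap -q unknown pcre:/etc/postfix/maps/generic_rbl_clients.pcre` and the same query with the IP address show what each key returns from the real table.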