On Mon, Aug 07, 2017 at 01:17:54PM +1000, Voytek wrote: > I have a user's inbound mail blocked by barracudacentral, is > there a way to exempt this particular user/domain from this > particular RBL check ? > > or what else can or should I do ?
Share the looging of this rejection and be more specific. The problem is with one specific client, or more? > this is the only known issue with barracuda I have and, > otherwise it seems quite effective, I think ? Yes, but like Spamcop, it's an automated list, so it lists some legitimate outbound servers at times. Large senders often do content filtering on outbound streams, directing questionable content to a certain subgroup of their outbound farms. Members of those subgroups tend to be listed by Spamcop and BRBL. I use BRBL in postscreen with 2 points and a threshold of 3. But I had the same problem [I think] you had: intermittent rejections of good mail. So I don't use it with reject_rbl_client now. > smtpd_recipient_restrictions = > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unlisted_recipient, > check_policy_service inet:127.0.0.1:7777, > permit_mynetworks, > check_sasl_access hash:/etc/postfix/sasl_access > permit_sasl_authenticated, You should separate submission from your inbound stream. If you must accept user-submitted mail on port 25, use a different IP address. > reject_unauth_destination, > check_recipient_access hash:/etc/postfix/recipient_no_checks, > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > check_sender_access hash:/etc/postfix/sender_checks, > check_client_access hash:/etc/postfix/client_checks, > check_client_access pcre:/etc/postfix/client_checks.pcre, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client b.barracudacentral.org, > reject_rhsbl_client dbl.spamhaus.org, > reject_rhsbl_sender dbl.spamhaus.org, > reject_rbl_client psbl.surriel.com, > reject_rbl_client ix.dnsbl.manitu.net, > reject_rbl_client bl.spamcop.net, I don't know manitu firsthand, so I wouldn't use that restriction. I *do* know PSBL and Spamcop firsthand, and I definitely wouldn't recommend those restrictions. > reject_rbl_client cbl.abuseat.org, Wasted lookup, as this is included in Zen. > reject_rhsbl_sender dsn.rfc-ignorant.org, Ralf discontinued the RFCI lists some years back. > check_policy_service inet:127.0.0.1:10031 > > > pflogsumm /var/log/maillog.1 | grep block > blocked using b.barracudacentral.org (total: 482) > blocked using bl.spamcop.net (total: 40) > blocked using dbl.spamhaus.org (total: 133) > blocked using ix.dnsbl.manitu.net (total: 37) > blocked using psbl.surriel.com (total: 14) > blocked using zen.spamhaus.org (total: 3438) -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
