On Sat, May 26, 2018 at 01:22:01PM +1000, Voytek wrote:
> I've recently updated Postfix from 2.1, and, enabled postscreen, 
> all's working well, though, just picked up a false positive:
> 
> several users inbound mail blocked with dnsbl.spfbl.net
> 
> I have like:
> 
> # grep spfbl.net main.cf
> postscreen_dnsbl_sites = zen.spamhaus.org*5, psbl.surriel.com*2,
> bl.spamcop.net*2, dnsbl.spfbl.net*2,
> 
> as this is a gov.au server, should I whitelist health.gov.au ? or 
> sge.net ? how/where ?
> 
> what's the best way to prevent emails from health.gov.au/sge.net 
> being blocked?

Bubba: "Doc, it hurts when I do this."
Doc: "So don't do that."

The obvious solution, if dnsbl.spfbl.net is blocking real mail, is to 
stop using that list, or possibly to lower its score below your 
[unstated] threshold score.

Postscreen is unable to do whitelisting by hostname.  In fact the 
reverse DNS is not looked up at all, so only the IP address is known 
in postscreen.

Another choice is DNS whitelisting:

145.65.91.152.list.dnswl.org. 10800 IN  TXT     "sge.net https://dnswl.org/s/?s=36576"
145.65.91.152.list.dnswl.org. 10800 IN  A       127.0.9.2

For more information I would refer you to my page on postscreen; 
please see the link below, in the .sig .

> # grep health.gov.au /var/log/maillog | grep block
> May 21 08:49:16 geko postfix/postscreen[23877]: NOQUEUE: reject: 
> RCPT from [152.91.65.145]:57512: 550 5.7.1 Service unavailable; 
> client [152.91.65.145] blocked using dnsbl.spfbl.net; 
> from=<vijawathy.mcpher...@health.gov.au>, to=<br...@tld.com.au>, 
> proto=ESMTP, helo=<orland.sge.net>

While the helo/ehlo is logged, that's not usable either, because 
once postscreen decides to talk to a client, that client is already 
blocked.

If you're not going to take the advice above, your only other option 
would be to whitelist the IP address[es].  Oh, also, you could talk 
to the DNSBL operator about their listing criteria, and/or to the 
sending site about getting delisted.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
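
The two score-based options discussed in this message (lowering the list's weight, or adding a DNS whitelist with a negative weight) can be checked with a small scoring model. This is an added example, not part of the original post and not Postfix code. Assumptions: a postscreen_dnsbl_threshold of 2 (the thread never states it), the `list.dnswl.org` filter and its -2 weight, and the constructed spfbl reply address.

```python
import re

def parse_sites(value):
    """Split a postscreen_dnsbl_sites value into (domain, filter, weight)."""
    sites = []
    for item in filter(None, re.split(r"[,\s]+", value)):
        item, _, weight = item.partition("*")
        domain, _, pattern = item.partition("=")
        sites.append((domain, pattern or None, int(weight or 1)))
    return sites

def reply_matches(pattern, reply):
    """Check an A reply against a d.d.d.d filter; a field may be [lo..hi;n]."""
    fields = re.findall(r"\[[^\]]*\]|\d+", pattern)
    octets = reply.split(".")
    if len(fields) != 4 or len(octets) != 4:
        return False
    for field, octet in zip(fields, octets):
        ranges = [a.partition("..") for a in field.strip("[]").split(";")]
        if not any(int(lo) <= int(octet) <= int(hi or lo) for lo, _, hi in ranges):
            return False
    return True

def dnsbl_score(sites_value, replies):
    """Add up the weight of every list whose reply passes its filter."""
    score = 0
    for domain, pattern, weight in parse_sites(sites_value):
        reply = replies.get(domain)
        if reply and (pattern is None or reply_matches(pattern, reply)):
            score += weight
    return score

def blocked(sites_value, replies, threshold):
    # postscreen blocks once the combined score reaches the threshold (inclusive)
    return dnsbl_score(sites_value, replies) >= threshold

# postscreen_dnsbl_sites exactly as posted in the thread
POSTED = "zen.spamhaus.org*5, psbl.surriel.com*2, bl.spamcop.net*2, dnsbl.spfbl.net*2,"
# Assumption: same value plus a DNSWL entry carrying a negative weight
WITH_DNSWL = POSTED + " list.dnswl.org=127.0.[0..255].[1..3]*-2"
# Assumption: spfbl weight lowered below the threshold
LOWERED = POSTED.replace("dnsbl.spfbl.net*2", "dnsbl.spfbl.net*1")
THRESHOLD = 2  # assumption: the poster's threshold is not stated
REPLIES = {"dnsbl.spfbl.net": "127.0.0.2",  # constructed reply value
           "list.dnswl.org": "127.0.9.2"}   # A record quoted in the message

if __name__ == "__main__":
    for name, sites in (("posted", POSTED), ("dnswl", WITH_DNSWL), ("lowered", LOWERED)):
        print(name, dnsbl_score(sites, REPLIES), blocked(sites, REPLIES, THRESHOLD))
```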
