If Spamhaus gets too many queries from a particular DNS server, it issues a response of 127.255.255.X (where X can be any number from 1 to 255). This does not indicate SPAM; rather, it indicates an overusage condition of Spamhaus. The warn_if_reject line is intended to warn the email admin of the condition (in the Postfix logs) without rejecting the message (because it's not necessarily SPAM).

Peter


On 5/05/22 6:40 am, [email protected] wrote:
Though not currently bouncing my maillog had this message (sanitized
because of Google):

  NOQUEUE: reject: RCPT from avasout-peh-001.plus.net[212.159.14.17]: 554 5.7.1 Service 
unavailable; Client host [212.159.14.17] blocked using zen.spamhaus.org; Error: open resolver; 
https://www.spamhaus.org/returnc/pub/172.69.133.38; from=<[email protected]> 
to=<[email protected]> proto=ESMTP helo=<avasout-peh-001.plus.net>

Reading the link provided:
https://www.spamhaus.org/returnc/pub/172.69.133.38

Then ultimately reaching:
https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/PublicMirrors/MTAs/020-Postfix.html#configuration

The suggested set up is:
smtpd_recipient_restrictions =
     ...
     reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
     reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]
     reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99]
     reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]
     warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]
     ...

Looking at warn_if_reject on
https://www.postfix.org/postconf.5.html
this seems like a bad idea since it won't reject the spam.

Googling "zen.spamhaus.org=127.0.0.[2..11]" indicates a change was made
in 2021 and just follow instructions. No real explanation.

I'm always hesitant to do something I don't fully understand (certs
and regex excluded).

Comments?
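
An added example, not part of either message above: a small maillog audit that separates genuine zen.spamhaus.org listings from 127.255.255.X error replies and shows whether each hit was enforced (`reject`) or only logged (`reject_warning`, which Postfix writes for a `warn_if_reject` restriction). The sample lines are constructed, and it assumes error replies carry an "Error:" text as in the log line quoted above.

```python
import ipaddress
import re

# Return-code ranges copied from the zen.spamhaus.org lines in the quoted configuration.
ZEN_RANGES = {
    "listed": ("127.0.0.2", "127.0.0.11"),
    "dnsbl_error": ("127.255.255.1", "127.255.255.255"),
}

def classify_zen_reply(addr):
    """Map an A record answer from zen.spamhaus.org to listed / dnsbl_error / ignored."""
    ip = ipaddress.ip_address(addr)
    for label, (low, high) in ZEN_RANGES.items():
        if ipaddress.ip_address(low) <= ip <= ipaddress.ip_address(high):
            return label
    return "ignored"  # outside both ranges, so neither restriction matches

# Postfix logs "reject" for an enforced restriction and "reject_warning"
# for one prefixed with warn_if_reject.
LOG_RE = re.compile(
    r"NOQUEUE: (?P<action>reject_warning|reject): RCPT from \S+\[(?P<client>[^\]]+)\]: "
    r".*?blocked using (?P<zone>[^\s;]+); (?P<text>[^;]*);"
)

def audit(lines):
    """Return (client, kind, action) for each Spamhaus DNSBL hit in maillog lines."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not m["zone"].endswith("spamhaus.org"):
            continue
        # Assumption: error replies carry an "Error:" text, as in the quoted log line.
        kind = "dnsbl_error" if m["text"].startswith("Error:") else "listing"
        findings.append((m["client"], kind, m["action"]))
    return findings

# Constructed sample lines (RFC 5737 addresses, example.net hosts, made-up URLs).
TAIL = "from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mx.example.net>"
ERR = "Error: open resolver; https://www.spamhaus.org/returnc/pub/203.0.113.5"
SAMPLE = [
    f"NOQUEUE: {action}: RCPT from mx.example.net[{ip}]: 554 5.7.1 Service unavailable; "
    f"Client host [{ip}] blocked using zen.spamhaus.org; {text}; {TAIL}"
    for action, ip, text in [
        ("reject", "192.0.2.10", ERR),            # error code enforced: mail lost
        ("reject_warning", "198.51.100.7", ERR),  # error code only logged
        ("reject", "192.0.2.99", "https://www.spamhaus.org/query/ip/192.0.2.99"),
    ]
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any `("…", "dnsbl_error", "reject")` finding is mail refused because of the resolver, not because the client was listed, which is the situation the range-restricted configuration is meant to prevent.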
