On 16/01/2024 20:28, Alex via Postfix-users wrote:
Hi,
I need help with making a decision involved in determining whether to
add an IP to my client_checks to bypass a blocklist entry on the
Barracuda blocklist that is impacting one of our users. The problem is
that this would also bypass the checks for other Zix hosted customers.
Jan 16 12:04:30 xavier postfix-118/postscreen[1006916]: NOQUEUE:
reject: RCPT from 74.203.184.40]:3602: 550 5.7.1 Service unavailable;
client [74.203.184.40] blocked using DNS Blocklist (barracuda);
from=<jbraz...@myclient.com>, to=<operati...@example.org>,
proto=ESMTP, helo=<zh-gw.zixsmbhosted.com <http://zh-gw.zixsmbhosted.com>>
I was also thinking I could add a sender_check for users at
myclient.com <http://myclient.com> domain only, but that didn't work.
The above entry relates to a client reject, but shouldn't a
sender_check involving myclient.com <http://myclient.com> work as well?
smtpd_client_restrictions =
permit_mynetworks,
check_client_access ${indexed}client_checks,
check_client_access pcre:$config_directory/client_checks.pcre,
check_reverse_client_hostname_access
pcre:$config_directory/reverse_client_hostname_access.pcre,
check_client_access cidr:$config_directory/client_access_blocklist
/etc/postfix-118/client_checks.pcre:
/74\.203\.184\.40/ OK
smtpd_sender_restrictions =
permit_mynetworks,
check_sender_access ${indexed}sender_checks,
check_sender_access pcre:$config_directory/sender_checks.pcre,
reject_unknown_sender_domain
/etc/postfix-118/sender_checks.pcre:
/myclient\.com/ permit
Any ideas greatly appreciated.
Hi Alex
that rejection is happening in postscreen, before handing off to smtpd
so anything you configure in smtpd is not going to allow this email to
pass. You'll at least need to allow this ip in the postscreen
configuration for it to get to smtpd.
John
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
