Scott Techlist via Postfix-users:
> I need to allow a domain to bypass my RBL checks. I'm doing something wrong,
> or I'm misunderstanding what I'm checking from my logs. I'd be grateful for
> an assist to remedy.
>

Depending on whether domain is client or sender or ...

    ...
    reject_unauth_destination
    ...
    check_client_access hash:/pathname
    reject_rbl_client example.com
    ...

Or

    ...
    reject_unauth_destination
    ...
    check_sender_access hash:/pathname
    reject_rbl_client example.com
    ...

Or ???

Where the table returns OK for the allowlisted domain.

        Wietse

> This box is an old postfix install Postfix version 2.2.10. (I know, working
> on migrating)
>
> main.cf: (full postconf -n output follows below)
>
> parent_domain_matches_subdomains = smtpd_access_maps
>
> check_sender_access hash:/etc/postfix/sender_checks,
>
> I need to let mail from outbound.protection.outlook.com, and bypass my RBL
> checks. My old understanding is that the first OK "wins" (maybe not?), and I
> have check sender before check RBL. I don't seem to be getting a match/OK on
> it.
>
> This is a sample log entry of what I'm trying to "OK" before it gets to my
> RBL checks and thus fails:
>
> Feb 28 12:45:13 host1 postfix/smtpd[10600]: connect from
> mail-psaapc01on2101.outbound.protection.outlook.com[40.107.255.101]
>
> Feb 28 12:45:14 host1 postfix/smtpd[10600]: NOQUEUE: reject: RCPT from
> mail-psaapc01on2101.outbound.protection.outlook.com[40.107.255.101]: 554
> Service unavailable; Client host [40.107.255.101] blocked using
> bl.spamcop.net; Blocked - see
> https://www.spamcop.net/bl.shtml?40.107.255.101;
> from=<info-asqmrfmx...@starscorp.onmicrosoft.com>
> to=<gary.cunning...@xyz.com> proto=ESMTP
> helo=<APC01-PSA-obe.outbound.protection.outlook.com>
>
> Isn't the sender = connect from =
> mail-psaapc01on2101.outbound.protection.outlook.com ?
>
> In my sender_checks file I've tried:
>
> outbound.protection.outlook.com OK
>
> .outbound.protection.outlook.com OK # to match subdomains as an attempt to
> get it to work.
>
> Can I go that deep on subdomains (e.g. outbound.protection.outlook.com)? Or
> do I need to only have ".outlook.com OK"
>
> I tried testing my sender_checks file using:
>
> postmap -q 'mail-mw2nam10on2100.outbound.protection.outlook.com'
> hash:/etc/postfix/sender_checks
>
> (does not match)
>
> postmap -q 'outbound.protection.outlook.com' hash:/etc/postfix/sender_checks
>
> OK #(matches)
>
> In any case, what I'm doing does not prevent the RBL test that's after the
> sender check from being passed.
>
> -----
>
> postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> body_checks = pcre:/etc/postfix/body_checks.pcre
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> disable_vrfy_command = yes
> html_directory = no
> inet_interfaces = $host1, localhost
> local_recipient_maps = hash:/etc/postfix/local_recipient
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_size_limit = 483886080
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20971520
> mydestination = $host1, localhost.$mydomain, localhost, s-e-inc.com,
> $mydomain
> mydomain = example.com
> host1 = host1.example.com
> mynetworks = localhost,$localdomain, [& other local IPs]
> myorigin = $host1
> newaliases_path = /usr/bin/newaliases.postfix
> parent_domain_matches_subdomains = smtpd_access_maps
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
> relay_domains = mlec.com
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> smtpd_recipient_limit = 3000
> smtpd_recipient_restrictions = reject_invalid_hostname,
> reject_non_fqdn_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination,
> check_recipient_mx_access hash:/etc/postfix/mx_access,
> check_sender_mx_access hash:/etc/postfix/mx_access,
> reject_unknown_sender_domain, check_recipient_access
> pcre:/etc/postfix/recipient_checks.pcre, check_helo_access
> hash:/etc/postfix/helo_checks, check_sender_access
> hash:/etc/postfix/sender_checks, check_client_access
> hash:/etc/postfix/client_checks, check_client_access
> pcre:/etc/postfix/client_checks.pcre, check_recipient_access
> hash:/etc/postfix/access, reject_rbl_client
> zen.spamhaus.org=127.0.0.[2..255], reject_rhsbl_client
> dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_sender
> dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_helo
> dbl.spamhaus.org=127.0.1.[2..99], reject_rbl_client psbl.surriel.com,
> reject_rbl_client bl.spamcop.net, reject_rhsbl_sender
> fresh.spameatingmonkey.net, reject_rhsbl_client
> fresh.spameatingmonkey.net, reject_rhsbl_sender
> uribl.spameatingmonkey.net, reject_rhsbl_client
> uribl.spameatingmonkey.net, reject_rbl_client
> sip-sip24.metbpp3hnheh.invaluement.com, check_policy_service
> unix:postgrey/socket, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $host1
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
> smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = no
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual_domains
> virtual_alias_maps = hash:/etc/postfix/virtual_users
>
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
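
Added example (not part of the thread and not Postfix code): a simplified Python model of the lookup-key order that access(5) describes for indexed tables, applied to the client name and address from the log entry quoted above, to show which of check_sender_access and check_client_access can reach the "outbound.protection.outlook.com OK" entry. The function names are hypothetical, the sender local part is a constructed placeholder, and the model assumes IPv4 and ignores address extensions.

```python
# Added example: simplified model of access(5) key order for indexed tables.
# Function names are hypothetical; IPv4 only; address extensions are ignored.

def domain_keys(name, parent_style=True):
    """Keys tried for a host or domain name, most specific first."""
    labels = name.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # parent_domain_matches_subdomains lists smtpd_access_maps: the bare
        # parent is tried; otherwise only the ".parent" form is tried.
        keys.append(parent if parent_style else "." + parent)
    return keys

def client_keys(hostname, addr, parent_style=True):
    """check_client_access: client name, its parents, then address and networks."""
    octets = addr.split(".")
    nets = [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return domain_keys(hostname, parent_style) + nets

def sender_keys(mail_from, parent_style=True):
    """check_sender_access: MAIL FROM address, its domain and parents, localpart@."""
    local, _, domain = mail_from.lower().rpartition("@")
    return [mail_from.lower()] + domain_keys(domain, parent_style) + [local + "@"]

def lookup(table, keys):
    """Return (key, action) for the first key found in the table, else None."""
    return next(((k, table[k]) for k in keys if k in table), None)

# Values from the log entry in the thread; the sender local part is a
# constructed placeholder because the logged address is truncated.
CLIENT_HOST = "mail-psaapc01on2101.outbound.protection.outlook.com"
CLIENT_ADDR = "40.107.255.101"
MAIL_FROM = "placeholder@starscorp.onmicrosoft.com"
TABLE = {"outbound.protection.outlook.com": "OK"}

def diagnose(table=TABLE, parent_style=True):
    return {
        # what check_sender_access would find for this message
        "sender": lookup(table, sender_keys(MAIL_FROM, parent_style)),
        # what check_client_access would find for this connection
        "client": lookup(table, client_keys(CLIENT_HOST, CLIENT_ADDR, parent_style)),
        # postmap -q does a single exact lookup, with no parent-domain search
        "postmap_q": table.get(CLIENT_HOST),
    }

if __name__ == "__main__":
    for check, hit in diagnose().items():
        print(check, "->", hit)
```

An OK keyed on the client name depends on the hostname Postfix has verified for the connecting address, while an OK keyed on the sender domain trusts an envelope address that the remote client chooses.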