Scott Techlist via Postfix-users:
> I need to allow a domain to bypass my RBL checks. I'm doing something wrong,
> or I'm misunderstanding what I'm checking from my logs. I'd be grateful for
> an assist to remedy.
>
Depending on whether omain is client or sender or ...
...
reject_unauth_destination
...
check_client_access hash:/pathname
reject_rbl_client example.com
...
Or
...
reject_unauth_destination
...
check_sender_access hash:/pathname
reject_rbl_client example.com
...
Or ???
Where the table returns OK for the allowlisted domain.
Wietse
>
> This box is an old postfix install Postfix version 2.2.10. (I know, working
> on migrating)
>
>
>
> main.cf: (full postconf -n output follows below)
>
>
>
> parent_domain_matches_subdomains = smtpd_access_maps
>
> check_sender_access hash:/etc/postfix/sender_checks,
>
>
>
> I need to let mail from outbound.protection.outlook.com, and bypass my RBL
> checks. My old understanding is that the first OK "wins" (maybe not?), and I
> have check sender before check RBL. I don't seem to be getting a match/OK on
> it.
>
>
>
> This is a sample log entry of what I'm trying to "OK" before it gets to my
> RBL checks and thus fails:
>
>
>
> Feb 28 12:45:13 host1 postfix/smtpd[10600]: connect from
> mail-psaapc01on2101.outbound.protection.outlook.com[40.107.255.101]
>
>
>
> Feb 28 12:45:14 host1 postfix/smtpd[10600]: NOQUEUE: reject: RCPT from
> mail-psaapc01on2101.outbound.protection.outlook.com[40.107.255.101]: 554
> Service unavailable; Client host [40.107.255.101] blocked using
> bl.spamcop.net; Blocked - see
> https://www.spamcop.net/bl.shtml?40.107.255.101;
> from=<info-asqmrfmx...@starscorp.onmicrosoft.com>
> to=<gary.cunning...@xyz.com> proto=ESMTP
> helo=<APC01-PSA-obe.outbound.protection.outlook.com>
>
>
>
> Isn't the sender = connect from =
> mail-psaapc01on2101.outbound.protection.outlook.com ?
>
>
>
> In my sender_checks file I've tried:
>
>
>
> outbound.protection.outlook.com OK
>
> .outbound.protection.outlook.com OK # to match subdomains as an attempt to
> get it to work.
>
>
>
> Can I go that deep on subdomains (e.g. outbound.protection.outlook.com)? Or
> do I need to only have ".outlook.com OK"
>
>
>
> I tried testing my sender_checks file using:
>
>
>
> postmap -q 'mail-mw2nam10on2100.outbound.protection.outlook.com'
> hash:/etc/postfix/sender_checks
>
> (does not match)
>
>
>
> postmap -q 'outbound.protection.outlook.com' hash:/etc/postfix/sender_checks
>
> OK #(matches)
>
>
>
> In any case, what I'm doing does not prevent the RBL test that's after the
> sender check from being passed.
>
>
>
> -----
>
> postconf -n:
>
>
>
> alias_database = hash:/etc/aliases
>
> alias_maps = hash:/etc/aliases
>
> body_checks = pcre:/etc/postfix/body_checks.pcre
>
> broken_sasl_auth_clients = yes
>
> command_directory = /usr/sbin
>
> config_directory = /etc/postfix
>
> content_filter = smtp-amavis:[127.0.0.1]:10024
>
> daemon_directory = /usr/libexec/postfix
>
> debug_peer_level = 2
>
> disable_vrfy_command = yes
>
> html_directory = no
>
> inet_interfaces = $host1, localhost
>
> local_recipient_maps = hash:/etc/postfix/local_recipient
>
> mail_owner = postfix
>
> mail_spool_directory = /var/spool/mail
>
> mailbox_size_limit = 483886080
>
> mailq_path = /usr/bin/mailq.postfix
>
> manpage_directory = /usr/share/man
>
> message_size_limit = 20971520
>
> mydestination = $host1, localhost.$mydomain, localhost, s-e-inc.com,
> $mydomain
>
> mydomain = example.com
>
> host1 = host1.example.com
>
> mynetworks = localhost,$localdomain, [& other local IPs]
>
> myorigin = $host1
>
> newaliases_path = /usr/bin/newaliases.postfix
>
> parent_domain_matches_subdomains = smtpd_access_maps
>
> queue_directory = /var/spool/postfix
>
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
>
> recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
>
> relay_domains = mlec.com
>
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
>
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
>
> sendmail_path = /usr/sbin/sendmail.postfix
>
> setgid_group = postdrop
>
> smtpd_data_restrictions = reject_unauth_pipelining, permit
>
> smtpd_helo_required = yes
>
> smtpd_recipient_limit = 3000
>
> smtpd_recipient_restrictions = reject_invalid_hostname,
> reject_non_fqdn_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination,
> check_recipient_mx_access hash:/etc/postfix/mx_access,
> check_sender_mx_access hash:/etc/postfix/mx_access,
> reject_unknown_sender_domain, check_recipient_access
> pcre:/etc/postfix/recipient_checks.pcre, check_helo_access
> hash:/etc/postfix/helo_checks, check_sender_access
> hash:/etc/postfix/sender_checks, check_client_access
> hash:/etc/postfix/client_checks, check_client_access
> pcre:/etc/postfix/client_checks.pcre, check_recipient_access
> hash:/etc/postfix/access, reject_rbl_client
> zen.spamhaus.org=127.0.0.[2..255], reject_rhsbl_client
> dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_sender
> dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_helo
> dbl.spamhaus.org=127.0.1.[2..99], reject_rbl_client psbl.surriel.com,
> reject_rbl_client bl.spamcop.net, reject_rhsbl_sender
> fresh.spameatingmonkey.net, r
eject_rhsbl_client fresh.spameatingmonkey.net, reject_rhsbl_sender
uribl.spameatingmonkey.net, reject_rhsbl_client uribl.spameatingmonkey.net,
reject_rbl_client sip-sip24.metbpp3hnheh.invaluement.com, check_policy_service
unix:postgrey/socket, permit
>
> smtpd_sasl_auth_enable = yes
>
> smtpd_sasl_local_domain = $host1
>
> smtpd_sasl_security_options = noanonymous
>
> smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
>
> smtpd_tls_auth_only = yes
>
> smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
>
> smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
>
> smtpd_tls_loglevel = 1
>
> smtpd_tls_received_header = yes
>
> smtpd_tls_session_cache_timeout = 3600s
>
> smtpd_use_tls = no
>
> soft_bounce = no
>
> tls_random_source = dev:/dev/urandom
>
> transport_maps = hash:/etc/postfix/transport
>
> unknown_local_recipient_reject_code = 550
>
> virtual_alias_domains = hash:/etc/postfix/virtual_domains
>
> virtual_alias_maps = hash:/etc/postfix/virtual_users
>
>
>
>
>
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
