I am hoping someone has already come across this issue.

I’m trying to integrate Spamhaus with my Postfix setup. I’ve followed their
directions below.

After applying the configs, it fails. I get a series of emails similar to the
one shown below.

Anyone come across this before?

Postconf follows:

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 152428800
meta_directory = /etc/postfix
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:127.0.0.1:8891
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map
readme_directory = /usr/share/doc/postfix/README_FILES
resolve_dequoted_address = no
sample_directory = /usr/share/doc/postfix/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = dane
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_rhsbl_sender mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
    reject_rhsbl_helo mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
    reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
    reject_rhsbl_sender mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
    reject_rhsbl_helo mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
    reject_rhsbl_reverse_client mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
    reject_rbl_client mykey.zen.dq.spamhaus.net=127.0.0.[2..255]
    check_policy_service unix:private/policyd-spf
    check_client_access hash:/etc/postfix/whitelist
    check_sender_access hash:/etc/postfix/auto-whtlst
    check_client_access cidr:/etc/postfix/blacklist.cidr
    reject_unknown_sender_domain
    reject_unknown_client_hostname
    reject_unknown_reverse_client_hostname
    reject_invalid_helo_hostname
    reject_unknown_helo_hostname
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns-max.pcre
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns-plus.pcre
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
tls_server_sni_maps = hash:/etc/postfix/sni_map
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Email:

This is a Spamhaus BLT public SMTP-test email which has been crafted
to be blocked by properly configured mail systems. If you're reading
this then your MX is not properly configured for the dbl-pub-from test;
please see the BLT documentation at https://blt.spamhaus.com/docs for
tips on configuring your MX.

Description of this test:

This is a test of MAIL FROM host blocking via the Public Mirrors Domain
Blocklist (DBL):
https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/030-datasets.html

You can view more information about this test email at
https://blt.spamhaus.com/test/45005/email/551433

Test parameters:
Xxxxxxx

Instructions:

3.1.2 Configuring postfix

Note: we can not support Postfix releases before 2.8. The following
documentation can not be applied to such old releases.

Note: the following instructions apply for users with access to both IP and
domain lookups. Users with only IP access must omit references to dbl and zrd.
Users with only domain access must omit references to zen, sbl, pbl and xbl.

Edit main.cf (usually located in /etc/postfix), and add

        reject_rhsbl_sender         mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_helo           mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_sender         mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rhsbl_helo           mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rhsbl_reverse_client mykey.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rbl_client           mykey.zen.dq.spamhaus.net=127.0.0.[2..255]

in the list of smtpd_recipient_restrictions. Then create in /etc/postfix a file
named for instance dnsbl-reply-map containing the lines

mykey.sbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using sbl.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.xbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using xbl.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.pbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using pbl.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.sbl-xbl.dq.spamhaus.net=127.0.0.[2..255]  $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using sbl-xbl.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.zen.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using zen.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.dbl.dq.spamhaus.net=127.0.1.[2..99]       $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}
mykey.zrd.dq.spamhaus.net=127.0.2.[2..24]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using zrd.spamhaus.org${rbl_reason?; $rbl_reason}

Create a hash map of it with

        postmap hash:/etc/postfix/dnsbl-reply-map

then insert

        rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map

in main.cf. Reload postfix.

Thank you,

Steffan Cline
stef...@hldns.com
602-793-0014

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
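
An added example, not part of the original post or of the Spamhaus instructions: it models how a `zone=d.d.d.d` restriction from the message above turns into a DNS query name and which A-record answers satisfy the reply filter, following the number / `[n;n..m]` octet patterns that Postfix 2.8 and later accept. The function names are hypothetical, `mykey` is the placeholder used on the page, and the subjects and DNS answers are constructed samples.

```python
import ipaddress
import re

def parse_restriction(line):
    """Split 'reject_rhsbl_sender zone=d.d.d.d,' into (restriction, zone, filter)."""
    name, target = line.strip().rstrip(",").split()
    zone, _, reply_filter = target.partition("=")
    return name, zone, reply_filter or None

def octet_matches(pattern, value):
    """One filter octet: a plain number, or [n;n..m] holding numbers and ranges."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for item in pattern[1:-1].split(";"):
        low, _, high = item.partition("..")
        if int(low) <= value <= int(high or low):
            return True
    return False

def reply_matches(reply_filter, answer):
    """True when the A record `answer` satisfies the filter (no filter: any A)."""
    if reply_filter is None:
        return True
    patterns = re.findall(r"\[[^\]]*\]|\d+", reply_filter)
    octets = [int(o) for o in answer.split(".")]
    return len(patterns) == len(octets) == 4 and all(map(octet_matches, patterns, octets))

def query_name(restriction, zone, subject):
    """Name that is looked up: reversed IPv4 for rbl checks, the domain for rhsbl."""
    if restriction == "reject_rbl_client":
        subject = ".".join(reversed(str(ipaddress.IPv4Address(subject)).split(".")))
    return f"{subject}.{zone}"

def would_reject(line, subject, answers):
    """Return (query name, verdict) for one restriction and the A records seen."""
    name, zone, reply_filter = parse_restriction(line)
    verdict = any(reply_matches(reply_filter, a) for a in answers)
    return query_name(name, zone, subject), verdict

# Constructed samples: restriction lines as on the page; subjects and answers are invented.
SAMPLES = [
    ("reject_rhsbl_sender mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],", "listed.example", ["127.0.1.2"]),
    ("reject_rhsbl_sender mykey.dbl.dq.spamhaus.net=127.0.1.[2..99],", "clean.example", []),
    ("reject_rbl_client mykey.zen.dq.spamhaus.net=127.0.0.[2..255]", "192.0.2.25", ["127.255.255.254"]),
]

if __name__ == "__main__":
    for line, subject, answers in SAMPLES:
        print(would_reject(line, subject, answers))
```

An empty answer list (no A record) or an answer outside the filter range, as in the third sample, does not trigger the restriction.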
