On 2025-01-27 at 08:20:19 UTC-0500 (Mon, 27 Jan 2025 14:20:19 +0100)
Marko Cupać via Postfix-users <marko.cu...@mimar.rs>
is rumored to have said:
[...]
... Microsoft's servers are frequently being (temporarily) blocked by
spamcop:
For good cause...
Jan 27 10:47:20 mx1 postfix/smtpd[67827]: NOQUEUE: reject: RCPT from
mail-db8eur05on2106.outbound.protection.outlook.com[40.107.20.106]:
554 5.7.1 Service unavailable; Client host [40.107.20.106] blocked
using bl.spamcop.net; Blocked - see
https://www.spamcop.net/bl.shtml?40.107.20.106;
from=<sen...@example.org> to=<recipi...@example.org> proto=ESMTP
helo=<EUR05-DB8-obe.outbound.protection.outlook.com>
Is there a way to override rbl block for particular domains?
Put a check_client_access directive before your reject_rbl_client
directives, and use OK or PERMIT in that map for client host domains
that you want to exempt. You can also use check_sender_access IF you're
confident that the particular sender domains are not prone to forgery.
Would
adding 'example.org OK' to sender_access (above rbl blocks, as in my
config) be appropriate action?
Only if the real example.org is either protected from forgeries by other
means (e.g. DKIM/SPF/DMARC) that you trust OR is unlikely to be forged.
It would open a relay backdoor protected only by the obscurity of the
blessed domain(s).
Would rbl_reply_maps be better solution? I tried to understand it and
find some configuration examples but failed.
No.
Any other way?
If you want to generally avoid blocking MS365 mail, use
check_client_access. It may be helpful to understand that they actually
segregate their outbound "junk" (likely spam and asynchronous bounces)
to a subset of their outbound machines, so if you identify that pattern
you can limit the scope of your match to just the "good" output points.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
