On 25-03-09 11:09:32, Bill Cole via Postfix-users wrote: > On 2025-03-09 at 03:39:30 UTC-0400 (Sun, 9 Mar 2025 09:39:30 +0200) > Petko Manolov via Postfix-users <pet...@nucleusys.com> > is rumored to have said: > > > I've recently signed up for Spamhaus' free service. They were helpful > > enough to provide postfix setup guide to minimize the pain. > > Which you failed to follow.
Not really. Not in the beginning. I did exactly what the guide says, including hiding the DQS key. One of my mistakes was that i decided the setup isn't working. Or at least i could not see visual confirmation in postfix.log. Then i went commando... :) Adding DBL and ZRD in postscreen was a mistake due to lack of knowledge. However, thanks to this discussion (and with the sacrifice of a key) i learned something new. > > I've modified postscreen_dnsbl_sites accordingly and this morning was > > greeted by the following BS... > > > > Mar 09 01:49:12 lan postfix/postscreen[182934]: CONNECT from > > [45.90.5.195]:45727 to [192.168.234.2]:25 > > Mar 09 01:49:12 lan postfix/dnsblog[182936]: addr 45.90.5.195 listed by > > domain <REDACT>.zrd.dq.spamhaus.net as 127.0.2.255 > > Mar 09 01:49:12 lan postfix/dnsblog[182937]: addr 45.90.5.195 listed by > > domain <REDACT>.dbl.dq.spamhaus.net as 127.0.1.255 > > You're using those wrong. DBL and ZRD are not used for IP addresses, they are > used for domain names. They cannot be used in postscreen. The last octet is > the signal. You should not be rejecting based on a .255 result. > > [...] > > > And what is 45.90.5.195 doing in Spamhaus' ZDR and DBL lists? > > It's not. ZRD and DBL only list domain names. I did not know this a couple of hours ago. That's not an excuse, just an explanation. I think my setup is OK now - Spamhaus' DQS setup test shows all eight delivery attempts to have failed. Again, thanks for the patience. cheers, Petko _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
