Hi,
Ignacio Garcia wrote:
> Hi there. We use in our postfix servers several programs to prevent spam
> (amavisd-new + spamassassin, postgrey, and policyd-weight). We like very
> much policyd-weight because it bases its blocking decissions on a score
> calculated by the number of blacklists a server is in. We are, however,
> puzzled by the fact that we are blocking all incoming email from
> terra.es, a division of telefonica, the largest ISP in Spain. Before we
> contact terra's postmaster,
Just forget about that... they won't even hear you since they are the
largest (and so, must do everything right -- bullshit)
> we are trying to figure out where the
> problem is. Although this is a postfix list (and not policyd-weight's),
> I humbly ask you all email gurus for help since this is more related to
> rbl and dns stuff than policyd-weight malfunctioning. Here's the log:
Not a mail guru, but the approach below does work
> [snip]
> Please know that although terra.es show listed twice in rbl lists, we do
> not block them for that particular reason (we block when anyone is
> listed 3 times in rbl lists). We are blocking them because of this line:
>
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=2.9 CLIENT_NOT_MX/A_FROM_DOMAIN=9.1
>
> we have checked their dns entries and seem normal (I'm no dns expert
> though)
What we do (without policyd-weight, however):
Redirect these "problematic domains" to a special restriction class (we
call it from_freemail)
Then, we match the sending server with *any* valid sending server for
that domain.
Something along the lines:
ACCESS (check_sender_access somewhere)
terra.es from_telefonica
from_telefonica = check_client_access
hash:$config_directory/access_from_telefonica
/etc/postfix/access_from_telefonica
terra.es reject_unauth_destination
telefonica.net reject_unauth_destination
> Any help is much appreciated.
That will do the trick, when placed BEFORE check_policy_service (in the
recipient_restrictions list, in order to have as much info available for
the checks)
Cheers,
