On 6/4/2010 6:59 PM, Jeroen Geilman wrote:
554 5.7.1 Service unavailable;
Client host [69.63.178.167] blocked using bl.spamcop.net; Blocked - see
http://www.spamcop.net/bl.shtml?69.63.178.167;
from=<notification+o=6pg...@facebookmail.com>
to=<d...@mykitchentable.net> proto=ESMTP helo=<mx-out.facebook.com>
OK, I get it. Facebook email is being blocked because servers it uses
are on a SpamCop blacklist. How can I allow mail from servers
identifying themselves as<anything>.facebook.com before blacklist
processing?
You may want to put facebook in check_helo_access instead; however, this
opens you up to all sorts of spam unless you also require proper
forward+reverse DNS for MXen.
Put in the prelevant reject_*_helo and reject_non-fqdn_* restrictions so
HELOs will be worth checking; then implement check_helo_access for your
facebook issue.
I would avoid using check_helo_access for any kind of
whitelisting since it's easily and frequently forged. Use
check_helo_access for whitelisting only as a last resort.
A far better choice is to whitelist by the client name or IP
block.
