I don't see your master.cf here. In a setup like this I'd assume you
may be running more than one smtpd for submission. master.cf settings
can override main.cf settings. This might explain why you're seeing
behavior different than what main.cf says you should be seeing. Please
post master.cf.
--
Stan
Michael Orlitzky put forth on 9/23/2010 8:37 PM:
> We run a private RBL, jerks.viabit.com, and check against it as well as
> four other lists at SMTP time. Occasionally, I'll get a false positive
> due to blocking an entire /24 and want to whitelist them from our
> private RBL check but not against e.g. Spamhaus. I'm doing something
> wrong w.r.t. restriction classes.
>
> Here's what I think is relevant (full postconf -n at the end). Some
> paths were shortened to avoid line wrapping:
>
> smtpd_restriction_classes = all_rbls, public_rbls
>
> all_rbls =
> reject_rbl_client jerks.viabit.com,
> reject_rbl_client psbl.surriel.com,
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client b.barracudacentral.org
>
> public_rbls =
> reject_rbl_client psbl.surriel.com,
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client b.barracudacentral.org
>
> smtpd_recipient_restrictions =
> reject_unauth_destination,
> reject_unlisted_recipient,
> check_recipient_access hash:/<fudged>/recipient_verify_domains,
> check_recipient_access hash:/etc/postfix/maps/rfc_addresses,
> reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname,
> reject_non_fqdn_sender,
> reject_unknown_reverse_client_hostname,
> reject_unknown_sender_domain,
> check_client_access pcre:/<fudged>/generic_rbl_clients.pcre,
> check_sender_access hash:/etc/postfix/maps/backscatter_senders,
> reject_rhsbl_client dbl.spamhaus.org,
> reject_rhsbl_helo dbl.spamhaus.org,
> reject_rhsbl_sender dbl.spamhaus.org,
> check_policy_service unix:private/policyd-spf,
> check_policy_service unix:private/postgrey,
> permit
>
> The content of generic_rbl_clients.pcre:
>
> # sutton-partners.com
> /^64\.191\.79\.245$/ public_rbls
>
> # mabel.ca
> /^70\.38\.108\.42$/ public_rbls
>
> # dsnews.com
> /^209\.172\.40\.21[157]$/ public_rbls
>
> # Default: check these lists.
> #
> /./ all_rbls
>
> However, 64.191.79.245 is still being subjected to the private RBL check:
>
> Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from
> unknown[64.191.79.245]
>
> Sep 23 10:05:44 mx1 postfix/smtpd[12164]: NOQUEUE: reject: RCPT from
> unknown[64.191.79.245]: 554 5.7.1 Service unavailable; Client host
> [64.191.79.245] blocked using jerks.viabit.com; You've been sending
> us spam. If you feel this is a mistake, please contact
> ab...@viabit.com.; from=<sen...@ntcmd.com>
> to=<u...@example.com> proto=ESMTP
> helo=<3dr.juicebox360.com>
>
> Sep 23 10:05:54 mx1 postfix/smtpd[12164]: disconnect from
> unknown[64.191.79.245]
>
> I've restarted Postfix. What did I screw up?
>
>
> # postconf -n
> address_verify_positive_expire_time = 7d
> address_verify_positive_refresh_time = 3h
> address_verify_sender = postmas...@viabit.com
> append_dot_mydomain = no
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisd-new:localhost:10024
> disable_vrfy_command = yes
> inet_interfaces = 127.0.0.1, 65.246.80.15
> local_recipient_maps =
> local_transport = error:local mail delivery is disabled.
> message_size_limit = 100000000
> multi_instance_directories = /etc/postfix-fax1
> multi_instance_enable = yes
> multi_instance_wrapper = ${command_directory}/postmulti -p --
> mydestination =
> mydomain = viabit.com
> myhostname = mx1.viabit.com
> mynetworks_style = host
> relay_domains = hash:/etc/postfix/maps/relay_domains,
> hash:/etc/postfix/maps/relay_domains-permanent,
> proxy:pgsql:/etc/postfix/maps/relay_domains.pgsql
> relay_recipient_maps = hash:/etc/postfix/maps/relay_recipient_maps,
> hash:/etc/postfix/maps/relay_recipient_maps-permanent,
> proxy:pgsql:/etc/postfix/maps/relay_recipient_maps.pgsql
> relayhost = mail1.viabit.com
> show_user_unknown_table_name = no
> smtp_discard_ehlo_keywords = dsn
> smtp_mx_session_limit = 3
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_discard_ehlo_keywords = dsn
> smtpd_error_sleep_time = 10
> smtpd_etrn_restrictions = reject
> smtpd_hard_error_limit = 5
> smtpd_helo_required = yes
> smtpd_junk_command_limit = 3
> smtpd_recipient_restrictions = reject_unauth_destination,
> reject_unlisted_recipient, check_recipient_access
> hash:/etc/postfix/maps/recipient_verify_domains, check_recipient_access
> hash:/etc/postfix/maps/rfc_addresses,
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
> reject_non_fqdn_sender, reject_unknown_reverse_client_hostname,
> reject_unknown_sender_domain, check_client_access
> pcre:/etc/postfix/maps/generic_rbl_clients.pcre, check_sender_access
> hash:/etc/postfix/maps/backscatter_senders, reject_rhsbl_client
> dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org,
> reject_rhsbl_sender dbl.spamhaus.org, check_policy_service
> unix:private/policyd-spf, check_policy_service unix:private/postgrey,
> permit
> smtpd_restriction_classes = all_rbls, public_rbls
> smtpd_soft_error_limit = 2
> strict_rfc821_envelopes = yes
> transport_maps = hash:/etc/postfix/maps/transport_maps
> unknown_client_reject_code = 550
> unverified_recipient_reject_code = 550
> virtual_transport = error:virtual mail delivery is disabled.
