On Thu, 16 Jun 2011 22:26:24 +0200 Anno Domini the honourable mouss <mo...@ml.netoyen.net> wrote using one of his/her keyboards:
> On 16/06/2011 18:34, Petre Bandac wrote:
> > hello
> >
> > in the last period I had several complaints about mail originating
> > from yahoo/gmail not reaching the mailbox
> >
> > logging in the logs I found entries like this:
> >
> > ###
> > Jun 16 10:07:12 mx postfix/smtpd[27072]: NOQUEUE: reject: RCPT from
> > mail-fx0-f67.google.com[209.85.161.67]: 554 5.7.1 Service
> > unavailable; Client host [209.85.161.67] blocked using
> > dnsbl.sorbs.net; Currently Sending Spam See:
> > http://www.sorbs.net/lookup.shtml?209.85.161.67;
> > from=<x...@clicknet.ro> to=<x...@xxxx.ro> proto=ESMTP
> > helo=<mail-fx0-f67.google.com>
> >
> http://en.wikipedia.org/wiki/Spam_and_Open_Relay_Blocking_System#Aggressiveness
>
> PS. your subject says "different" rbl's, but you only show one RBL.

sorry, I did a copy/paste after commenting the lines

reject_rbl_client cbl.abuseat.org
reject_rbl_client zen.spamhaus.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client combined.njabl.org
reject_rbl_client ix.dnsbl.manitu.net

> >
> [snip]
> > is there any (more) elegant solution for keeping rbl queries and
> > allow legit yahoo/gmail emails ?
> >
>
> use DNSWL.
>
> [snip]
> > smtpd_recipient_restrictions =
> >
> > check_sender_access hash:/usr/local/etc/postfix/sender_checks,
> > permit_sasl_authenticated,
> > permit_mynetworks,
> > check_client_access
> > hash:/usr/local/etc/postfix/spammers-accepted,
> > reject_non_fqdn_recipient,
> > reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,
> > reject_unauth_destination,
> > reject_unauth_pipelining,
> > reject_invalid_hostname,
> > reject_non_fqdn_hostname,
> > permit_mx_backup,
> > reject
> >
>
> 1) I see no reject_rbl_*
>
> 2) This is unsafe. do not put check_*_access before
> reject_unauth_destination.

will do, thanks for the observation

as a conclusion, I will stop using sorbs, as wietse pointed ...
interesting how the easiest solutions are sometimes last to be taken into consideration :)

thanks (everybody) for your time,

petre

> > [snip]

--
Petre Bandac
Network Scientist - pe...@kgb.ro
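Added example (not part of the original thread and not Postfix's own code): a small Python check for the ordering problem raised in point 2 above, listing every check_*_access lookup that is evaluated before reject_unauth_destination. The sample main.cf text is constructed from the restriction list quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the restriction list quoted in the thread, as main.cf text.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
    check_sender_access hash:/usr/local/etc/postfix/sender_checks,
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/usr/local/etc/postfix/spammers-accepted,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    permit_mx_backup,
    reject
"""

def restriction_tokens(main_cf, param="smtpd_recipient_restrictions"):
    """Return the tokens of one main.cf parameter, joining continuation lines."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if line[0].isspace():  # leading whitespace continues the previous line
            if collecting:
                value.append(line)
            continue
        name, _, rest = line.partition("=")
        collecting = name.strip() == param
        if collecting:
            value = [rest]  # a later definition overrides an earlier one
    return [t for t in re.split(r"[,\s]+", " ".join(value)) if t]

def access_checks_before_relay_guard(main_cf):
    """List (restriction, table) pairs placed before reject_unauth_destination."""
    tokens = restriction_tokens(main_cf)
    try:
        guard = tokens.index("reject_unauth_destination")
    except ValueError:
        guard = len(tokens)  # no relay guard at all: every lookup is exposed
    return [(tokens[i], tokens[i + 1] if i + 1 < len(tokens) else "")
            for i in range(guard) if re.fullmatch(r"check_\w+_access", tokens[i])]
```

An empty result means no access table can return a permit before the relay check has run.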