Le 16/06/2011 22:33, Petre Bandac a écrit : > On Thu, 16 Jun 2011 22:26:24 +0200 Anno Domini > the honourable mouss <mo...@ml.netoyen.net> wrote using one of his/her > keyboards: > >> Le 16/06/2011 18:34, Petre Bandac a écrit : >>> hello >>> >>> in the last period I had several complains about mail originating >>> from yahoo/gmail not reaching the mailbox >>> >>> logging in the logs I found entries like this: >>> >>> ### >>> Jun 16 10:07:12 mx postfix/smtpd[27072]: NOQUEUE: reject: RCPT from >>> mail-fx0-f67.google.com[209.85.161.67]: 554 5.7.1 Service >>> unavailable; Client host [209.85.161.67] blocked using >>> dnsbl.sorbs.net; Currently Sending Spam See: >>> http://www.sorbs.net/lookup.shtml?209.85.161.67; >>> from=<x...@clicknet.ro> to=<x...@xxxx.ro> proto=ESMTP >>> helo=<mail-fx0-f67.google.com> >> >> >> http://en.wikipedia.org/wiki/Spam_and_Open_Relay_Blocking_System#Aggressiveness >> >> PS. your subject says "different" rbl's, but you only show one RBL. > > sorry, I did a copy/paste after commenting the lines > > reject_rbl_client cbl.abuseat.org
cbl is included in zen. check if you really want to check cbl... > reject_rbl_client zen.spamhaus.org > reject_rbl_client dnsbl.sorbs.net you could try the "safe" subzone. but it's better to remove sorbs from postfix. sorbs may be better in spamassassin. > reject_rbl_client combined.njabl.org zen includes part of njabl. grep your logs to see if the above catches anything. > reject_rbl_client ix.dnsbl.manitu.net I have no experience with manitu. so I can't speak for that. > > >> >>> [snip] >>> is there any (more) elegant solution for keeping rbl queries and >>> allow legit yahoo/gmail emails ? >>> >> >> use DNSWL. did you see the line above? > > as a conclusion, I will stop using sorbs, as wietse pointed ... > interesting how the easiest solutions are sometimes last to be taken > in consideration :) When you add a DNSBL, use warn_if_reject for some time to see the results. the following lists are considered "safe" at smtp time (whatever is the definition of safe): zen.spamhaus.org bl.spamcop.net psbl.surriel.com korea.services.net but do not use any list without reading its policy. (if you read sorbs policy, you'll see that they can list big players. you can disagree with this, but it's their policy. the believe that "no one is too big to block").
