On 3/20/2012 11:28 AM, Nicolas Kovacs wrote: > Hi, > > I'm an Austrian Linux user living and working in South France. > > I've just setup a basic - and working - mail server on Debian > Squeeze, using Postfix and Dovecot. > > I've installed policyd-weight for basic spam filtering. Since the > defaults are quite restrictive, I thought I'd try with a bit of > additional whitelisting. > > I tried a first rejected mail, read the logs and edited > /etc/postfix/whitelist accordingly: > > # /etc/postfix/whitelist > smtp-152-tuesday.nerim.net OK > 194.79.134.152 OK > > And then: > > # postmap whitelist > > The relevant stanza in main.cf looks like this: > > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > check_client_access hash:/etc/postfix/whitelist, > check_policy_service inet:127.0.0.1:12525 > smtpd_helo_required = yes > > This first problem resolved fine, and the initially refused mail can > go through now. > > But I'm facing another problem with a message from Hotmail, which > gets rejected over and over. > > Here's what the log looks like: > > # grep policyd /var/log/mail.log > ... > Mar 20 17:09:27 sd-25854 postfix/policyd-weight[4905]: weighted > check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 > NOT_IN_BL_NJABL=-1.5 IN_IPv6_RBL=4.25 CL_IP_NE_HELO=5.75 > RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .hotmail. - helo: > .dub0-omc2-s26.dub0.hotmail. - helo-domain: .hotmail.) > MAIL_SEEMS_FORGED=2.5; <client=157.55.1.165> > <helo=dub0-omc2-s26.dub0.hotmail.com> <from=kikino...@hotmail.com> > <to=kikino...@radionovak.com>; rate: 9.5 > Mar 20 17:09:27 sd-25854 postfix/policyd-weight[4905]: decided > action=550 Mail appeared to be SPAM or forged. Ask your > Mail/DNS-Administrator to correct HELO and DNS MX settings or to get > removed from DNSBLs; MTA helo: dub0-omc2-s26.dub0.hotmail.com, MTA > hostname: unknown[157.55.1.165] (helo/hostname mismatch); > <client=157.55.1.165> <helo=dub0-omc2-s26.dub0.hotmail.com> > <from=kikino...@hotmail.com> <to=kikino...@radionovak.com>; delay: 1s > ... > > Now I tried to add this to /etc/postfix/whitelist: > > # /etc/postfix/whitelist > smtp-152-tuesday.nerim.net OK > 194.79.134.152 OK > hotmail.com OK > > ... but messages from Hotmail still get rejected. > > Which leaves me clueless. Any suggestions? > > Cheers from South France, > > Niki Kovacs >
You sure that mail is really from hotmail? The IP shown in your log snippit is owned by Microsoft, but doesn't seem to have an rDNS hostname; that's quite unusual for hotmail as it's common practice to reject clients with no rDNS. And the HELO name doesn't resolve to an IP address, which is also unusual (but not unheard of) for hotmail. Anyway, if you really want to whitelist that client, you'll need to use the IP address since it doesn't have a hostname. Your whitelist is a client whitelist, so it requires either a verified client hostname or parent domain name, or an IP address. -- Noel Jones
