On Tue, Aug 21, 2012 at 09:03:47AM -0500, Alfonso Alejandro Reyes Jiménez wrote:
I have Postfix working great but I can't make the RBL work. I have
the configuration, but when I test the configuration it seems not
to be working.
I'm testing with http://www.crynwr.com/spam/. Spamhaus has that IP
address listed but I'm still getting those emails.
Here's the postconf -n result:
[root@mail ~]# postconf -n
Irrelevant parts removed, possibly relevant lines here:
mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32, 10.1.215.26/32
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client zen.spamhaus.org,reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination
Any ideas? Thanks in advance for your help.
You neglected to show the logs of the acceptance of the crynwr.com
test mail.
Nevertheless, I do have a WAG for you. Test your server's ability to
resolve records in zen.spamhaus.org.
[alfonso@mail ~]$ dig 2.0.0.127.zen.spamhaus.org. any
You should see among the output:
;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 300 IN TXT "http://www.spamhaus.org/query/bl?ip=127.0.0.2"
2.0.0.127.zen.spamhaus.org. 300 IN TXT "http://www.spamhaus.org/sbl/query/SBL233"
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.4
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.2
If you're using a nameserver external to you, such as Google Public
DNS or any ISP's resolver, there is a very good chance that Spamhaus
is blocking your queries.
If my guess is right, you can possibly fix it by installing and using
your own local caching resolver, i.e., BIND named(8) or other
implementation of DNS recursion. Offer void where taxed or
restricted, or if your number of queries puts you in excess of
Spamhaus maximum allowed. (In that case, see about their paid
service; well worth the small expense per mailbox.)
I'm sorry I forgot that information.
Logs:
Aug 21 08:01:48 mail postfix/smtpd[23635]: warning: 200.77.229.165: address not listed for hostname correo2.test.com.mx
Aug 21 08:03:32 mail postfix/smtpd[23635]: warning: 200.77.229.166: address not listed for hostname correo3.test.com.mx
Aug 21 08:52:11 mail postfix/smtpd[23847]: warning: 200.13.34.22: address not listed for hostname correo4.test.com.mx
I couldn't find more logs about it.
The IP that's testing my mail server is 192.203.178.107. I used the
Spamhaus lookup tool to confirm that the IP was listed.
Aug 21 09:33:58 mail postfix/smtpd[24060]: connect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=<1345559...@sbl.crynwr.com>
Aug 21 09:33:59 mail postfix/smtpd[24060]: disconnect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=<1345559...@sbl.crynwr.com>
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: from=<>, size=393, nrcpt=1 (queue active)
Aug 21 09:33:59 mail postfix/local[24067]: AB5455D5: to=<are...@domain123.com>, relay=local, delay=0.87, delays=0.48/0.01/0/0.38, dsn=2.0.0, status=sent (delivered to maildir)
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: removed
That email was delivered.
Thanks for the tip, but I have BIND running and it seems not to be
allowed to make queries to Spamhaus:
[root@mail ~]# dig 2.0.0.127.zen.spamhaus.org any
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> 2.0.0.127.zen.spamhaus.org any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35309
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY
;; AUTHORITY SECTION:
zen.spamhaus.org. 6 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1208211440 3600 600 432000 150
;; Query time: 71 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 21 09:44:12 2012
;; MSG SIZE rcvd: 108
[root@mail ~]#
Here's the DNS config part:
[root@mail ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1
The BIND forwarding is made to a public DNS. Do you think that could be
the problem?
Regards.
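
Added example, not part of the thread and not Postfix or Spamhaus code: a small offline checker that builds the name a DNSBL lookup resolves for a client IP and classifies saved `dig` output for the 127.0.0.2 test entry discussed above. The function names are hypothetical, and the NOERROR header line in the first sample is constructed, since the thread shows only the answer section.

```python
import ipaddress
import re

ZONE = "zen.spamhaus.org"

# dig output shapes taken from the thread, re-joined onto single lines.
# The NOERROR header in SAMPLE_OK is constructed for this example.
SAMPLE_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 300 IN TXT "http://www.spamhaus.org/query/bl?ip=127.0.0.2"
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.4
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.2
"""
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35309
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY
;; AUTHORITY SECTION:
zen.spamhaus.org. 6 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1208211440 3600 600 432000 150
"""

def dnsbl_query_name(ip, zone=ZONE):
    """Name a DNSBL lookup resolves for an IPv4 client: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def diagnose_test_point(dig_output, zone=ZONE):
    """Classify dig output for the 127.0.0.2 test entry the thread expects to be listed."""
    name = re.escape(dnsbl_query_name("127.0.0.2", zone))
    status = re.search(r"status:\s*([A-Z]+)", dig_output)
    codes = re.findall(r"^%s\.?\s+\d+\s+IN\s+A\s+(127\.\d+\.\d+\.\d+)\s*$" % name,
                       dig_output, re.MULTILINE)
    if "127.0.0.2" in codes:
        return "ok", codes            # resolver path returns listings
    if status and status.group(1) == "NXDOMAIN":
        # Test entry reported as unlisted: every lookup through this resolver
        # looks "not listed", so the RBL restriction never rejects.
        return "no-listing-data", codes
    return "inconclusive", codes      # SERVFAIL, timeout, truncated output, ...

if __name__ == "__main__":
    print(dnsbl_query_name("192.203.178.107"))
    print(diagnose_test_point(SAMPLE_OK))
    print(diagnose_test_point(SAMPLE_NXDOMAIN))
```

Feed `diagnose_test_point` the saved output of the `dig` command shown in the thread, run on the mail server itself so the query takes the same resolver path Postfix uses.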