Hi 

I'm administering an old server using Postfix v2.5.6 and have trouble with 
a "check_client_access" rule. 

I'm trying to whitelist another system (operating on a dynamic IP address 
which is blocked by an RBL) by including its domain in a hash table. I have 
access to both systems to test.

When sending from the other system on e.g. "host.mydomain.com", email is
being rejected (blocked by zen.spamhaus.org) despite the 
check_client_access rule which I'm using to try to bypass the RBL check.

Contents of the relevant files are here:

/etc/postfix/main.cf
=====================
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_pipelining,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unverified_recipient,
        check_client_access hash:/etc/postfix/rbl_override,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        permit

/etc/postfix/rbl_override
=========================
mydomain.com          OK
host.mydomain.com     OK

Unless I include the current IP address of the sending server in this 
file, email is always rejected at the RCPT TO stage.


If I attempt to check the validity of my hash I get:
# /usr/sbin/postmap -q mydomain.com /etc/postfix/rbl_override
OK
# /usr/sbin/postmap -q host.mydomain.com /etc/postfix/rbl_override
OK

Log excerpt from the recipient side:
====================================
Sep 12 15:36:58 mailsrv postfix/smtpd[30413]: connect from 
unknown[210.246.XX.XX]
Sep 12 15:37:32 mailsrv postfix/smtpd[30413]: NOQUEUE: reject: RCPT from 
unknown[210.246.XX.XX]: 554 5.7.1 Service unavailable; Client host 
[210.246.XX.XX] blocked using zen.spamhaus.org; 
https://www.spamhaus.org/query/ip/210.246.XX.XX; from=<jer...@mydomain.com> 
to=<jer...@smartpoint.co.nz> proto=SMTP helo=<host.mydomain.com>


Log excerpt from sending server:
================================
Sep 12 15:37:29 host postfix/smtp[25002]: B844E2852FF: 
to=<jer...@smartpoint.co.nz>, relay=mailsrv.smartpoint.co.nz[118.93.XXX.X]:25, 
delay=0.38, delays=0.07/0/0.22/0.09, dsn=5.7.1, status=bounced (host 
mailsrv.smartpoint.co.nz[118.93.XXX.X] said: 554 5.7.1 Service unavailable; 
Client host [210.246.XX.XX] blocked using zen.spamhaus.org; 
https://www.spamhaus.org/query/ip/210.246.XX.XX (in reply to RCPT TO command))


I've scoured the documentation on smtpd_recipient_restrictions and 
check_client_access but I can't find anything that says this config only 
works on IP addresses, not domains or hostnames. Everything I've read 
seems to indicate that check_client_access works on hostnames or IPs.

I also realise this is an old version of Postfix so I appreciate this may 
not behave as I am expecting. Could someone please clarify the expected 
behaviour and correct any erroneous assumptions on my part. Thanks
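
An added example, not part of the original post and not Postfix code: a simplified Python model of the lookup order that access(5) documents for check_client_access (client hostname, parent domains, client IPv4 address, networks obtained by stripping octets), run over constructed log lines modelled on the excerpt above. The function names are hypothetical, and it assumes the name logged before the bracket is the name used for the lookup, so a client logged as unknown[...] can only match an address key.

```python
import re

# Constructed copy of the poster's /etc/postfix/rbl_override (hash keys match exactly).
RBL_OVERRIDE = {"mydomain.com": "OK", "host.mydomain.com": "OK"}

# Client field of an smtpd log line: name[address]
CLIENT_RE = re.compile(r"(?:connect|RCPT) from (?P<name>[^\[\s]+)\[(?P<addr>[^\]]+)\]")

def client_lookup_keys(name, addr):
    """Keys tried in order (simplified, IPv4 only): logged client name, its
    parent domains, the client address, then networks with octets stripped."""
    labels = name.lower().split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels))]
    octets = addr.split(".")
    keys += [".".join(octets[:i]) for i in range(len(octets), 0, -1)]
    return keys

def access_result(table, name, addr):
    """Return (key, action) for the first key present in the table, or
    (None, None); no match means the next restriction (the RBL check) runs."""
    for key in client_lookup_keys(name, addr):
        if key in table:
            return key, table[key]
    return None, None

def audit(log_lines, table):
    """Report, per smtpd client seen in the log, which override key applies."""
    results = []
    for line in log_lines:
        m = CLIENT_RE.search(line)
        if m:
            name, addr = m["name"], m["addr"]
            results.append((name, addr) + access_result(table, name, addr))
    return results

# Constructed log lines; 192.0.2.25 is a documentation address, not the real client.
SAMPLE_LOG = [
    "Sep 12 15:36:58 mailsrv postfix/smtpd[30413]: connect from unknown[192.0.2.25]",
    "Sep 12 15:40:02 mailsrv postfix/smtpd[30420]: connect from host.mydomain.com[192.0.2.25]",
]

if __name__ == "__main__":
    for name, addr, key, action in audit(SAMPLE_LOG, RBL_OVERRIDE):
        verdict = f"matched {key!r} -> {action}" if key else "no match, RBL checks run"
        print(f"{name}[{addr}]: {verdict}")
```

Postfix logs a client as "unknown" when the reverse lookup of its address fails or the resulting name does not resolve back to that address, which is common on dynamic address ranges.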

