On 11/17/2016 1:22 AM, Voytek wrote: > just noticed some email sent from gmail/google bouncing from my server as > sorbs RBL had that server/host listed; > > Nov 17 12:56:47 emu postfix/smtpd[16381]: NOQUEUE: reject: RCPT from > mail-ua0-f170.google.com[209.85.217.170]: 554 5.7.1 Service unavailable; > Client host [209.85.217.170] blocked using dnsbl.sorbs.net; Currently > Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.217.170; > from=<e...@tld.au> to=<voy...@xyz.au> proto=ESMTP > helo=<mail-ua0-f170.google.com> > > > what is correct way to whiltelist gmail/google > > I have like this in main.cf[1] > > so I should enter gmail into /etc/postfix/client_checks , yes? > > do I need all google smtp published IPs, OR, can I just have like: > > gmail.com OK > google.com OK ?
Yes, whitelisting "gmail.com" and "google.com" clients should take care of this problem. Make sure this whitelist is AFTER reject_unauth_destination > > what other 'well known services' like google should I whitelist, yahoo, > hotmail ? If you insist on using an RBL with high collateral damage, you'll probably need to whitelist all the major providers... > > thanks for any pointers Pick your RBLs carefully. "More" isn't always "better". -- Noel Jones > > [1] > ... > smtpd_recipient_restrictions =. > reject_unknown_sender_domain, > reject_unknown_recipient_domain,. > reject_non_fqdn_sender,. > reject_non_fqdn_recipient,. > reject_unlisted_recipient,. > check_policy_service inet:127.0.0.1:7777,. > permit_mynetworks, > check_sasl_access hash:/etc/postfix/sasl_access > permit_sasl_authenticated, > reject_unauth_destination, > check_recipient_access hash:/etc/postfix/recipient_no_checks, > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > check_sender_access hash:/etc/postfix/sender_checks, > check_client_access hash:/etc/postfix/client_checks, > check_client_access pcre:/etc/postfix/client_checks.pcre, > reject_rbl_client zen.spamhaus.org, > reject_rhsbl_client dbl.spamhaus.org, > reject_rhsbl_sender dbl.spamhaus.org, > ... >
