Hi,

Much thanks. Lost ahbl, and glad to see it go.

Thanks.
Dave.

On 3/17/17, /dev/rob0 <r...@gmx.co.uk> wrote:
> On Fri, Mar 17, 2017 at 05:12:07PM -0400, David Mehler wrote:
>> I'm starting to see blocks on my messages to my mail server. For some
>> reason postscreen is not letting any gmail servers send mail, it's
>> blocking them.
>>
>> Has anyone got an idea or have you seen this?
>
> Typically you would SHOW LOGS of the blocking when asking for help,
> but in your case it's pretty obvious.
>
>> Here's my postscreen setup:
>>
>> # postscreen(8) settings
>> ### Before-220 tests
>> postscreen_greet_action = enforce
>> postscreen_blacklist_action = enforce
>> postscreen_dnsbl_action = enforce
>> postscreen_access_list = permit_mynetworks
>>     cidr:/usr/local/etc/postfix/postscreen_access.cidr
>> postscreen_dnsbl_reply_map =
>>     pcre:/usr/local/etc/postfix/postscreen_dnsbl_reply_map.pcre
>> postscreen_dnsbl_sites = zen.spamhaus.org*3
>>     b.barracudacentral.org*2
>>     bl.spameatingmonkey.net*2
>>     dnsbl.ahbl.org*2
>
> Closed as of 2015-01-01 when it began flagging EVERYTHING by means of
> a DNS wildcard.
>
> Read:
> http://www.ahbl.org/ (click through to the main page) and
> http://rob0.nodns4.us/postscreen.html
>
> In the latter start with the BIG FAT WARNING and then take special
> note of what it says about AHBL in the "Last Changes" section.
>
>>     bl.spamcop.net
>>     dnsbl.sorbs.net
>>     psbl.surriel.com
>>     bl.mailspike.net
>>     swl.spamhaus.org*-4
>>     list.dnswl.org=127.[0..255].[0..255].0*-2
>>     list.dnswl.org=127.[0..255].[0..255].1*-3
>>     list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
>
> These are as I published them but they are wrong. Better:
>     list.dnswl.org=127.0.[2..15].0*-2
>     list.dnswl.org=127.0.[2..15].1*-3
>     list.dnswl.org=127.0.[2..15].[2..3]*-4
> This corresponds to DNSWL.org's own usage instructions.
>
>> postscreen_dnsbl_threshold = 2
>> postscreen_dnsbl_whitelist_threshold = -2
>
> Looks familiar except you changed these two threshold values. Just
> stick with what I have:
>     postscreen_dnsbl_threshold = 3
>     postscreen_dnsbl_whitelist_threshold = -1
>
> Your lower postscreen_dnsbl_threshold value caused every single AHBL
> listing (which, in case you didn't understand, now includes the
> entirety of the Internet) to be a rejection unless offset by a
> whitelist entry.
>
> Your higher whitelist threshold makes it more difficult to avoid the
> after-220 tests ...
>
>> ### End of before-220 tests
>> ### After-220 tests
>> ### WARNING -- See "Tests after the 220 SMTP server greeting" in the
>> ### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the
>> ### following tests!
>> #postscreen_bare_newline_action = drop
>> #postscreen_bare_newline_enable = yes
>> #postscreen_non_smtp_command_action = drop
>> #postscreen_non_smtp_command_enable = yes
>> #postscreen_pipelining_enable = yes
>> #postscreen_pipelining_action = drop
>> ### ADDENDUM: Any one of the foregoing three *_enable settings may cause
>> ### significant and annoying mail delays.
>
> ... which in your case doesn't matter because you didn't enable them.
>
>> Any assistance appreciated.
>
> Lose AHBL.
> --
> http://rob0.nodns4.us/
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
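
The scoring arithmetic discussed in the thread, as an added example that is not part of either message and is not Postfix code: a simplified model that sums the weights of the postscreen_dnsbl_sites entries matching a client and compares the total with both pairs of thresholds. The function names, the DNS replies (including the wildcard answer 127.0.0.2) and the "<=" whitelist comparison are assumptions made for illustration.

```python
import re

# postscreen_dnsbl_sites as quoted in the thread, with the corrected DNSWL filters.
SITES = """zen.spamhaus.org*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2
dnsbl.ahbl.org*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net
swl.spamhaus.org*-4 list.dnswl.org=127.0.[2..15].0*-2
list.dnswl.org=127.0.[2..15].1*-3 list.dnswl.org=127.0.[2..15].[2..3]*-4""".split()

def parse_site(entry):
    """Split 'domain[=filter][*weight]' into (domain, filter or None, weight)."""
    entry, _, weight = entry.partition("*")
    domain, _, flt = entry.partition("=")
    return domain, flt or None, int(weight) if weight else 1

def reply_matches(flt, reply):
    """Match an A-record reply against a filter whose octets are 'N' or '[lo..hi]'."""
    if flt is None:
        return True  # no filter: any reply counts as a listing
    pats = re.findall(r"\[[^\]]*\]|\d+", flt)
    for pat, octet in zip(pats, reply.split(".")):
        m = re.fullmatch(r"\[(\d+)\.\.(\d+)\]", pat)
        lo, hi = (m.group(1), m.group(2)) if m else (pat, pat)
        if not int(lo) <= int(octet) <= int(hi):
            return False
    return True

def dnsbl_score(sites, replies):
    """Sum the weight of every site entry whose domain returned a matching reply."""
    total = 0
    for entry in sites:
        domain, flt, weight = parse_site(entry)
        if any(reply_matches(flt, r) for r in replies.get(domain, [])):
            total += weight
    return total

def verdict(score, threshold, whitelist_threshold):
    """Simplified decision: block at or above threshold, whitelist at or below."""
    if score >= threshold:
        return "block"
    return "whitelist" if score <= whitelist_threshold else "pass"

# Constructed lookup results (not real DNS data): the wildcarded AHBL zone answers
# for every client; the second client is also on DNSWL with reply 127.0.5.1.
UNLISTED = {"dnsbl.ahbl.org": ["127.0.0.2"]}
ON_DNSWL = {"dnsbl.ahbl.org": ["127.0.0.2"], "list.dnswl.org": ["127.0.5.1"]}

if __name__ == "__main__":
    for name, replies in (("unlisted", UNLISTED), ("on dnswl", ON_DNSWL)):
        s = dnsbl_score(SITES, replies)
        print(name, s, verdict(s, 2, -2), verdict(s, 3, -1))
```

With thresholds 2 and -2 the otherwise clean client scores 2 from AHBL alone and is blocked; with 3 and -1 it passes, and dropping dnsbl.ahbl.org from the list returns its score to 0.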