Hello,

I have tried to whitelist some servers for postscreen, but I notice that they continue to get blocked if they are blacklisted.

What am I doing wrong in whitelisting them?

How can I successfully whitelist them so that they are not blocked even if they are blacklisted in a RBL/RSBL?

Here is a session with remote server 195.134.100.81 (ours is 62.217.124.2):

Aug 31 11:14:01 mailgw3 postfix/postscreen[6476]: CONNECT from [195.134.100.81]:50520 to [62.217.124.2]:25
Aug 31 11:14:02 mailgw3 postfix/dnsblog[6328]: addr 195.134.100.81 listed by domain b.barracudacentral.org as 127.0.0.2
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: DNSBL rank 2 for [195.134.100.81]:50520
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: NOQUEUE: reject: RCPT from [195.134.100.81]:50520: 550 5.7.1 Service unavailable; client [195.134.100.81] blocked using b.barracudacentral.org; from=<>, to=<gna...@noa.gr>, proto=SMTP, helo=<mta02.uoa.gr>
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: NOQUEUE: reject: RCPT from [195.134.100.81]:50520: 550 5.7.1 Service unavailable; client [195.134.100.81] blocked using b.barracudacentral.org; from=<postmas...@noc.uoa.gr>, to=<gna...@noa.gr>, proto=SMTP, helo=<mta02.uoa.gr>
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: DISCONNECT [195.134.100.81]:50520

My setup (on Postfix 2.11.0):

# postconf -n
allowed_list1 = check_client_access cidr:/etc/postfix/vmail.cidr,reject
allowed_list2 = check_client_access cidr:/etc/postfix/internalnetworks.cidr,reject
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 50
disable_vrfy_command = yes
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/blacklisted_maillists
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_name = NOA Mail Srv XAPITI XPICTOY
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 15728640
mydestination =
mynetworks = 127.0.0.1/32 [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_exceptions.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org*2, zen.spamhaus.org*2, psbl.surriel.com*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
relay_domains = noa.gr, astro.noa.gr, admin.noa.gr, nestor.noa.gr, space.noa.gr, meteo.noa.gr, gein.noa.gr, technet.noa.gr, hesperia-space.eu
relay_recipient_maps =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/amavis_bypass check_sender_access hash:/etc/postfix/blacklisted_senders check_sender_access pcre:/etc/postfix/blacklisted_maillists reject_unverified_recipient reject_unauth_destination check_recipient_access hash:/etc/postfix/protected_destinations permit_mynetworks reject_invalid_hostname reject_unauth_pipelining reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client b.barracudacentral.org reject_rbl_client zen.spamhaus.org reject_rbl_client psbl.surriel.com reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org check_policy_service unix:postgrey/socket permit
smtpd_restriction_classes = allowed_list1,allowed_list2
smtpd_tls_CAfile = /etc/pki/tls/certs/DigiCertCA.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/star_noa_gr-1365536.crt
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/star_noa_gr-1365536.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
transport_maps = hash:/etc/postfix/transportmap
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtualmap

and cidr:/etc/postfix/postscreen_exceptions.cidr is:

   195.134.100.72       dunno
   195.134.100.69       dunno
   195.134.100.81       dunno
   195.134.100.119      dunno

Please advise!

Thanks a lot,
Nick
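
An added example (not part of the post above, and not Postfix code): a small Python audit that cross-checks the access table against postscreen's reject log lines and reports listed clients that were still rejected by a DNSBL. It assumes the documented postscreen_access_list semantics, where only a `permit` result exempts a client from postscreen's tests and `dunno` does not; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input: the access table and log lines quoted in the post.
CIDR_TABLE = """\
195.134.100.72       dunno
195.134.100.69       dunno
195.134.100.81       dunno
195.134.100.119      dunno
"""
LOG = """\
Aug 31 11:14:01 mailgw3 postfix/postscreen[6476]: CONNECT from [195.134.100.81]:50520 to [62.217.124.2]:25
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: NOQUEUE: reject: RCPT from [195.134.100.81]:50520: 550 5.7.1 Service unavailable; client [195.134.100.81] blocked using b.barracudacentral.org; from=<>, to=<gna...@noa.gr>, proto=SMTP, helo=<mta02.uoa.gr>
Aug 31 11:14:07 mailgw3 postfix/postscreen[6476]: NOQUEUE: reject: RCPT from [195.134.100.81]:50520: 550 5.7.1 Service unavailable; client [195.134.100.81] blocked using b.barracudacentral.org; from=<postmas...@noc.uoa.gr>, to=<gna...@noa.gr>, proto=SMTP, helo=<mta02.uoa.gr>
"""

# postscreen DNSBL rejection: capture the client address and the DNSBL named.
REJECT_RE = re.compile(
    r"postscreen\[\d+\]: NOQUEUE: reject: RCPT from \[([0-9A-Fa-f.:]+)\]:\d+: "
    r".*? blocked using (\S+?);")

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            pattern, action = line.split(None, 1)
            rules.append((ipaddress.ip_network(pattern, strict=False),
                          action.strip().lower()))
    return rules

def audit(table_text, log_text):
    """Count DNSBL rejects of clients that are listed with a non-permit action."""
    rules = parse_cidr_table(table_text)
    hits = Counter()
    for addr, dnsbl in REJECT_RE.findall(log_text):
        ip = ipaddress.ip_address(addr)
        # cidr: tables are searched in order; the first matching pattern wins.
        action = next((a for net, a in rules if ip in net), None)
        if action is not None and action != "permit":
            hits[(addr, action, dnsbl)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (addr, action, dnsbl), n in audit(CIDR_TABLE, LOG).items():
        print(f"{addr}: listed as '{action}', still rejected {n}x via {dnsbl}")
```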
