On 13 February 2018 at 08:42, Voytek <li...@sbt.net.au> wrote: > one of the users is waiting for an email from server currently listed on > http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162 > > chances are it might get fixed in 12 hours, or, maybe not > > short of removing dnsbl.manitu.net from my RBL checks, is there a way to > 'bypass' this current predicament, and, allow mails from the IP/host? > > can I simply put IP ? hostname ? both ? in /etc/postfix/client_checks ? > > or is it /etc/postfix/sender_checks ? as so: > > 203.12.160.162 OK > mail12.tpgi.com.au OK > > > from main.cf: > -- > smtpd_recipient_restrictions = > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unlisted_recipient, > check_policy_service inet:127.0.0.1:7777, > permit_mynetworks, > check_sasl_access hash:/etc/postfix/sasl_access > permit_sasl_authenticated, > reject_unauth_destination, > check_recipient_access hash:/etc/postfix/recipient_no_checks, > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > check_sender_access hash:/etc/postfix/sender_checks, <====?? > check_client_access hash:/etc/postfix/client_checks, <=====?? > check_client_access pcre:/etc/postfix/client_checks.pcre, > reject_rbl_client zen.spamhaus.org, > reject_rhsbl_client dbl.spamhaus.org, > reject_rhsbl_sender dbl.spamhaus.org, > reject_rbl_client psbl.surriel.com, > reject_rbl_client ix.dnsbl.manitu.net, > reject_rbl_client bl.spamcop.net, > check_policy_service inet:127.0.0.1:10031 > > > ----------- > Feb 13 15:11:59 emu postfix/smtpd[12324]: NOQUEUE: reject: RCPT from > mail12.tpgi.com.au[203.12.160.162]: 554 5.7.1 Service unavailable; Client > host [203.12.160.162] blocked using ix.dnsbl.manitu.net; Your e-mail > service was detected by spam.over.port25.me (NiX Spam) as spamming at Tue, > 13 Feb 2018 00:10:11 +0100. Your admin should visit > http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162; > from=<ju...@dom.tld.au> to=<s...@dom2.tld> proto=ESMTP > helo=< > > mail12 > > .tpgi.com.au <http://mail12.tpgi.com.au>>
For use within restriction list(s): check_client_access is for checking the purported address, or the ip, of the incoming connecting client check_sender_access is for checking the MAILFROM address (envelope sender) check_helo_access is for checking the HELO/EHLO response name For use outside restriction list(s): (hence later/slower) header_checks can be used for checking email headers - including the 'From:' header address (which may well be different to the MAILFROM address). In your case you can put either the ip or the client address onto a new line in the file referenced by check_client_access, followed by ' OK', and then postmap it afterwards. You might want to add tpgi.com.au rather than mail12.tpgi.com.au (assuming smtpd_access_maps is listed in parent_domain_matches_subdomains, which is the default case). Yes it is a little confusing at first...
