[ You really must start a new thread when posting on a new topic.
DO NOT reply to a previous message, that breaks message threading. ]
On Tue, Aug 21, 2018 at 11:32:57AM -0400, Fongaboo wrote:
> Last night, it would appear that zen.spamhaus.org started blacklisting a
> number of IPs assigned to Spectrum consumers, of which I am one.
That's fine, so long as you're not running an MTA on a dynamic
customer IP.
> When I tried telnetting to port 25 of my mail server and manually sending
> a message to one of our virtual mailboxes, I got this error:
Use port 587 for submission.
> 554 5.7.1 Service unavailable; Client host [<my-ip-address>] blocked using
> zen.spamhaus.org
This is expected.
> I tried putting a bunch of /8's that I know to be assigned to Spectrum,
> one of which my own IP was definitely within, into rbl_override. I then
> ran postmap rbl_override and restarted postfix.
Use port 587 for submission, require TLS and authentication, and
don't use RBL checks on that port.
See the commented out submission entry in the stock /etc/postfix/master.cf:
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
adjust to suit your needs.
--
Viktor.
