1

Topic: DNSBLs in main.cf not working

I've added both Spamhaus ZEN and Spamcop DNS blacklists in the postfix 'main.cf' configuration file and it is failing to work. I put the 'reject_rbl_client' directive for each of the DNSBLs, 'zen.spamhaus.org' and 'bl.spamcop.net', within the 'smtpd_recipient_restrictions' directive. The line looks like this:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031

I've sent mail to my server from a Spamhaus ZEN listed IP and am not being disconnected at any stage of the mail transmission process; in fact, I can send an e-mail in just fine. According to the documentation, a host that is blocked is supposed to receive a 55x SMTP error code during the session.

I've searched the posts on this forum for a remedy and all of the advice (including solved issues, so it's working for someone!) is to set up the configuration as I have it. Am I missing something else somewhere? My main.cf is stock to iRedMail with the exception of the modification I made to the smtpd_recipient_restrictions directive.

Thanks,

Brandon

2

Re: DNSBLs in main.cf not working

Maybe you want something like this in smtpd_client_restrictions:

smtpd_client_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client dul.dnsbl.sorbs.net,
  reject_rbl_client dun.dnsrbl.net

3 (edited by brandonpoc 2010-04-28 17:31:31)

Re: DNSBLs in main.cf not working

Thanks for the help but it was a different issue I found out ...

Actually, it appears that the problem has to do with the resolv.conf that postfix uses. The postfix configuration that comes with iRedMail uses the chroot etc directory for its resolv.conf, that is, /var/spool/postfix/etc/resolv.conf, for its nameservers. IT DOES NOT USE /etc/resolv.conf FOR ITS NAMESERVER CONFIGURATION. The nameservers I was using are not allowed to use the RBL I was referencing (because of high volume in the past, they are 4.2.2.2 and 4.2.2.1 [Level3's name servers] and are blocked by Spamhaus). The working nameservers (those allowed by Spamhaus) were in /etc/resolv.conf and NOT the /var/spool/postfix/etc/resolv.conf. I replaced the nameservers in /var/spool/postfix/etc/resolv.conf to reflect the ones in /etc/resolv.conf and now it works fine.

Just so people having a similar issue will find this in a search of the site, I am putting the following keywords below:

spamhaus spamcop zen sbl pbl xbl
dnsbl not working
blacklist
not resolve
not resolving
no resolution

ZhangHuangbin wrote:

Maybe you want something like this in smtpd_client_restrictions:

smtpd_client_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client dul.dnsbl.sorbs.net,
  reject_rbl_client dun.dnsrbl.net

4

Re: DNSBLs in main.cf not working

Big thanks for your sharing :)
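
Added example, not part of the original thread or of iRedMail: a shell check for the failure found in post 3, where the resolv.conf inside the Postfix chroot lists different nameservers than /etc/resolv.conf and the DNSBL does not answer through them. The function names, the `--live` switch and the 192.0.2.53 address are assumptions made for illustration; the classification of 127.255.255.x answers as Spamhaus error codes goes beyond what the thread describes.

```shell
#!/bin/sh
# Added example (not from the thread): find resolver drift between the system
# resolv.conf and the copy inside Postfix's chroot, then test each resolver.

# Print the nameserver addresses from a resolv.conf-style file, sorted.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Succeed only when both files list the same set of nameservers.
same_resolvers() {
    [ "$(nameservers "$1")" = "$(nameservers "$2")" ]
}

# Classify the first A record returned for the DNSBL test entry 127.0.0.2.
classify_answer() {
    case "$1" in
        "")            echo "no-answer" ;;     # resolver blocked or unreachable
        127.255.255.*) echo "dnsbl-error" ;;   # Spamhaus error code, not a listing
        127.0.0.*)     echo "listed-ok" ;;     # test entry resolves as expected
        *)             echo "unexpected" ;;
    esac
}

# probe <resolver-ip> <dnsbl-zone>: needs dig and network access.
probe() {
    classify_answer "$(dig +short +time=3 +tries=1 "@$1" "2.0.0.127.$2" A |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)"
}

if [ "${1:-}" = "--live" ]; then
    # Paths are the ones named in the thread.
    sys=/etc/resolv.conf; jail=/var/spool/postfix/etc/resolv.conf
    same_resolvers "$sys" "$jail" || echo "MISMATCH between $sys and $jail"
    for ns in $(nameservers "$jail"); do
        echo "$ns zen.spamhaus.org: $(probe "$ns" zen.spamhaus.org)"
    done
else
    # Offline demo on constructed files that mirror the thread's situation.
    d=$(mktemp -d)
    printf 'nameserver 192.0.2.53\n' > "$d/system"                   # constructed
    printf 'nameserver 4.2.2.2\nnameserver 4.2.2.1\n' > "$d/chroot"  # from the thread
    same_resolvers "$d/system" "$d/chroot" ||
        echo "MISMATCH: chroot copy uses $(nameservers "$d/chroot" | tr '\n' ' ')"
    rm -rf "$d"
fi
```

A "dnsbl-error" result deserves attention because a bare `reject_rbl_client zone` entry rejects on any A record; the `zone=d.d.d.d` form of the directive limits rejection to specific return codes.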