Hello,
I have try it - see bellow, but without removing also from PBL it fail, while Peter Evans <pe...@ixp.jp>s server use zen.spamhouse.org which includes also PBL list (dynamic address check). LOG: Mar 9 11:09:07 duron650 postfix/smtp[2873]: B316BA2A79: to=<pe...@ixp.jp>, relay=mail.ixp.jp[222.147.76.196]:25, delay=9.1, delays=0.26/0.09/8/0.7, dsn=5.7.1, status=bounced (host mail.ixp.jp[222.147.76.196] said: 550 5.7.1 Service unavailable; client [85.71.234.108] blocked using zen.spamhaus.org (in reply to RCPT TO command)) Mar 9 11:09:08 duron650 postfix/cleanup[2872]: 1185DA2BE7: message-id=<20110309100908.1185da2...@108.234.broadband4.iol.cz> (FYI: This mail is send via webmail volny.cz) --kapetr ORIGINAL MESSAGE: Od: Jiří Pánek <jiri.pa...@email.cz> Komu: Peter Evans <pe...@ixp.jp> Předmět: Re: posfix rejected from google server Datum: Wed, 09 Mar 2011 11:08:56 +0100 Hello, this is a direct email (I have set my Postix back for this test to direct sending - without relayhost). In my main.cf is: myhostname = 108.234.broadband4.iol.cz >Date: Mon, 7 Mar 2011 09:01:21 +0900 >From: "Peter Evans" <pe...@ixp.jp> >Subject: Re: posfix rejected from google server > >Just out of curiosity, can you try to send mail directly to me? >After you have removed yourself, it should take less than about an >hour >to >clear from the CBL + PBL. >Then mail should go through. On cbl.abuseat.org I have request - it is now OK. The http://www.spamhaus.org/pbl/query/PBL043205 I have left unchanged, after reading the explanation. It is not black list, so we will see, if is it true and this email will arrive you :-) > >>A pity that cbl.abuseat.org, as described in >>http://cbl.abuseat.org/faq.html, do not explain criteria how >>someones IP can get into their CBL list. > >By sending mail to one of their very large spamtrap domains. The >reason >they >do not tell >you how you get on is that if they did, spammers would be able to >avoid >> them and thus reduce the efficacy thereof. > >Looking at the timestamp on the CBL, was that IP address your ADSL >modem at that time? Yes, it was! That is, why I am so confused about the CBL spam listing! And the listed time corresponds to the test mail send to GMAIL. Not to spamtrap domain. After that, there was no other incidents - that is why I mean, that I'm not infected. So it is mystery for me, how I get into this list. I have added to my FW rules: -A ufw-user-output -o eth0 -p tcp -m tcp --syn -m multiport --dports 25,465,587 -j LOG --log-prefix "[MAIL OUTPUT] " --log-tcp-options --log-uid and nothing suspect. No spambot here (if it is not hidden rootkit of course). Let me know, if it arrives you. Thanks --kapetr
