On Mon, Aug 07, 2017 at 01:17:54PM +1000, Voytek wrote:
> I have a user's inbound mail blocked by barracudacentral, is
> there a way to exempt this particular user/domain from this
> particular RBL check ?
> or what else can or should I do ?
Share the looging of this rejection and be more specific. The
problem is with one specific client, or more?
> this is the only known issue with barracuda I have and,
> otherwise it seems quite effective, I think ?
Yes, but like Spamcop, it's an automated list, so it lists some
legitimate outbound servers at times.
Large senders often do content filtering on outbound streams,
directing questionable content to a certain subgroup of their
outbound farms. Members of those subgroups tend to be listed by
Spamcop and BRBL.
I use BRBL in postscreen with 2 points and a threshold of 3. But I
had the same problem [I think] you had: intermittent rejections of
good mail. So I don't use it with reject_rbl_client now.
> smtpd_recipient_restrictions =
> check_policy_service inet:127.0.0.1:7777,
> check_sasl_access hash:/etc/postfix/sasl_access
You should separate submission from your inbound stream. If you must
accept user-submitted mail on port 25, use a different IP address.
> check_recipient_access hash:/etc/postfix/recipient_no_checks,
> check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
> check_helo_access hash:/etc/postfix/helo_checks,
> check_sender_access hash:/etc/postfix/sender_checks,
> check_client_access hash:/etc/postfix/client_checks,
> check_client_access pcre:/etc/postfix/client_checks.pcre,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client b.barracudacentral.org,
> reject_rhsbl_client dbl.spamhaus.org,
> reject_rhsbl_sender dbl.spamhaus.org,
> reject_rbl_client psbl.surriel.com,
> reject_rbl_client ix.dnsbl.manitu.net,
> reject_rbl_client bl.spamcop.net,
I don't know manitu firsthand, so I wouldn't use that restriction.
I *do* know PSBL and Spamcop firsthand, and I definitely wouldn't
recommend those restrictions.
> reject_rbl_client cbl.abuseat.org,
Wasted lookup, as this is included in Zen.
> reject_rhsbl_sender dsn.rfc-ignorant.org,
Ralf discontinued the RFCI lists some years back.
> check_policy_service inet:127.0.0.1:10031
> pflogsumm /var/log/maillog.1 | grep block
> blocked using b.barracudacentral.org (total: 482)
> blocked using bl.spamcop.net (total: 40)
> blocked using dbl.spamhaus.org (total: 133)
> blocked using ix.dnsbl.manitu.net (total: 37)
> blocked using psbl.surriel.com (total: 14)
> blocked using zen.spamhaus.org (total: 3438)
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: