On Mon, Aug 07, 2017 at 01:17:54PM +1000, Voytek wrote:
> I have a user's inbound mail blocked by barracudacentral, is
> there a way to exempt this particular user/domain from this
> particular RBL check ?
> or what else can or should I do ?

Share the looging of this rejection and be more specific.  The 
problem is with one specific client, or more?

> this is the only known issue with barracuda I have and,
> otherwise it seems quite effective, I think ?

Yes, but like Spamcop, it's an automated list, so it lists some 
legitimate outbound servers at times.

Large senders often do content filtering on outbound streams, 
directing questionable content to a certain subgroup of their 
outbound farms.  Members of those subgroups tend to be listed by 
Spamcop and BRBL.

I use BRBL in postscreen with 2 points and a threshold of 3.  But I 
had the same problem [I think] you had: intermittent rejections of 
good mail.  So I don't use it with reject_rbl_client now.

> smtpd_recipient_restrictions =
>  reject_unknown_sender_domain,
>  reject_unknown_recipient_domain,
>  reject_non_fqdn_sender,
>  reject_non_fqdn_recipient,
>  reject_unlisted_recipient,
>  check_policy_service inet:,

>  permit_mynetworks,
>  check_sasl_access hash:/etc/postfix/sasl_access
>  permit_sasl_authenticated,

You should separate submission from your inbound stream.  If you must 
accept user-submitted mail on port 25, use a different IP address.

>  reject_unauth_destination,
>  check_recipient_access hash:/etc/postfix/recipient_no_checks,
>  check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
>  check_helo_access hash:/etc/postfix/helo_checks,
>  check_sender_access hash:/etc/postfix/sender_checks,
>  check_client_access hash:/etc/postfix/client_checks,
>  check_client_access pcre:/etc/postfix/client_checks.pcre,
>  reject_rbl_client zen.spamhaus.org,
>  reject_rbl_client b.barracudacentral.org,
>  reject_rhsbl_client dbl.spamhaus.org,
>  reject_rhsbl_sender dbl.spamhaus.org,

>  reject_rbl_client psbl.surriel.com,
>  reject_rbl_client ix.dnsbl.manitu.net,
>  reject_rbl_client bl.spamcop.net,

I don't know manitu firsthand, so I wouldn't use that restriction.
I *do* know PSBL and Spamcop firsthand, and I definitely wouldn't 
recommend those restrictions.

>  reject_rbl_client cbl.abuseat.org,

Wasted lookup, as this is included in Zen.

>  reject_rhsbl_sender dsn.rfc-ignorant.org,

Ralf discontinued the RFCI lists some years back.

>  check_policy_service inet:
>  pflogsumm /var/log/maillog.1 | grep block
>     blocked using b.barracudacentral.org (total: 482)
>     blocked using bl.spamcop.net (total: 40)
>     blocked using dbl.spamhaus.org (total: 133)
>     blocked using ix.dnsbl.manitu.net (total: 37)
>     blocked using psbl.surriel.com (total: 14)
>     blocked using zen.spamhaus.org (total: 3438)

  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Reply via email to