On Fri, Apr 29, 2022 at 04:47:51PM -0700, "li...@lazygranch.com" <li...@lazygranch.com> wrote:
> I'm trying to allow-list (formerly whitelist) a TLD. I have these lines
> in my postfix main.cf:
>
> check_client_access hash:/etc/postfix/client_checks,
> check_sender_access hash:/etc/postfix/sender_checks,
> check_client_access hash:/etc/postfix/rbl_override,
>
> For the rbl_override file is siriusxm.com sufficient? Or do I need
> e.siriusxm.com or even r193.e.siriusxm.com?
>
> Maillog message is:
> Apr 29 17:20:46 lazygranch postfix/smtpd[10668]: NOQUEUE: reject: RCPT from
> r193.e.siriusxm.com[192.243.230.193]: 554 5.7.1 Service unavailable; Client
> host [192.243.230.193] blocked using zen.spamhaus.org;
> from=<bou...@e.siriusxm.com> to=<li...@lazygranch.com> proto=ESMTP
> helo=<r193.e.siriusxm.com>

man 5 postconf says:

> check_client_access type:table
> Search the specified access database for the client hostname, parent
> domains, client IP address, or networks obtained by stripping least
> significant octets. See the access(5) manual page for details.

so parent domains are supported.

man 5 access defines the format of the file and shows the following
(in the HOST NAME/ADDRESS PATTERNS section) for the left hand side:

> .domain.tld
>
> Matches subdomains of domain.tld, but only when the
> string smtpd_access_maps is not listed in the Postfix
> parent_domain_matches_subdomains configuration setting.

The .domain.tld notation only covers a single level of subdomain,
but if all the rejections are from something.e.siriusxm.com,
you should only need:

  .e.siriusxm.com OK

But you might need other entries if there are other sending
hosts e.g. something.f.siriusxm.com or similar that are being
blocked by the rbl.

cheers,
raf
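
Added example, not part of the message above and not Postfix code: a small Python model of the lookup keys that the quoted postconf(5) and access(5) text describes for check_client_access, run against the client in the maillog line. The function names and the two candidate rbl_override tables are constructed for illustration, and the client hostname is assumed to be the one Postfix logged.

```python
# Model of the check_client_access key sequence documented in access(5).
# Added illustration; this is not Postfix source code.

def hostname_keys(hostname, parent_style):
    """Keys tried for the client hostname, most specific first.

    parent_style=True  -> smtpd_access_maps is listed in
                          parent_domain_matches_subdomains ("domain.tld" keys)
    parent_style=False -> it is not listed (".domain.tld" keys)
    """
    labels = hostname.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_style else "." + parent)
    return keys

def ipv4_keys(address):
    """The address, then networks made by stripping trailing octets."""
    octets = address.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def client_lookup(table, hostname, address, parent_style):
    """Return (key, action) for the first key found in table, else None."""
    for key in hostname_keys(hostname, parent_style) + ipv4_keys(address):
        if key in table:
            return key, table[key]
    return None

# Client taken from the maillog line in the message above.
HOST, ADDR = "r193.e.siriusxm.com", "192.243.230.193"

# Constructed rbl_override contents: the two candidates from the thread.
CANDIDATES = {
    "siriusxm.com": {"siriusxm.com": "OK"},
    ".e.siriusxm.com": {".e.siriusxm.com": "OK"},
}

if __name__ == "__main__":
    for parent_style in (True, False):
        print("smtpd_access_maps listed:", parent_style)
        print("  keys:", hostname_keys(HOST, parent_style) + ipv4_keys(ADDR))
        for name, table in CANDIDATES.items():
            hit = client_lookup(table, HOST, ADDR, parent_style)
            print(f"  entry {name!r}: {hit}")
```

Which of the two entries matches depends on whether `postconf parent_domain_matches_subdomains` lists smtpd_access_maps on the server in question.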