At 3:06 PM -0400 4/29/08, Stefan Jeglinski imposed structure on a
stream of electrons, yielding:
> Not sure this list is still even on-line... but wondering if the
> collective wisdom of those that know postfix can help me out
> understanding this.
> I'm using postfix, and if I use
> smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org
> I get virtually 100% rejection, whereas sbl-xbl seems to work more
> in accordance with my expectations (blocks spam, not every_one). The
> difference is that zen includes the PBL, which is not a blacklist
> per se. Of course, you find it everywhere said that you should
> replace sbl-xbl with zen.
> However, when I query any number of the connecting IPs that are
> rejected, spamhaus claims that those IPs are not listed on either
> SBL, XBL, or PBL.
What do you get if you do a DNS lookup, i.e. 'dig
17.165.202.64.zen.spamhaus.org' in a terminal session?
FWIW, 64.202.165.17 seems to be on at least one DNSBL, the SORBS
'they sent us spam' zone. I will not risk promoting the use of that
list by including the zone name...
> And yet, the rejection occurs anyway. For example:
> ============
> http://www.spamhaus.org/query/bl?ip=64.202.165.17
> and then the sender gets this back:
> 24.172.19.59 does not like recipient.
> Remote host said: 554 5.7.1 Service unavailable; Client host
> [64.202.165.17] blocked using zen.spamhaus.org
> Giving up on 24.172.19.59.
> ============
> I'm certain this is due to a misunderstanding on my part of how the
> PBL works or is intended to work. Or perhaps postfix?
The other possibility is that you may be forwarding your DNS queries
to a server that plays games with them. Many ISP's have been doing
this. If you are using any DNSBL's with a mail server these days, it
is important to make sure that you run your own full-recursion DNS
resolver that never forwards queries to your upstream ISP's
resolvers. See
http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html for an
explanation of what some slimeball ISP's are doing and how it creates
security problems.
You also might get more info from the postfix log, e.g. /var/log/mail.log
You may get around ISP DNS injection by specifying the Spamhaus
return codes in your postfix config:
smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.2,
reject_rbl_client zen.spamhaus.org=127.0.0.4,
reject_rbl_client zen.spamhaus.org=127.0.0.5,
reject_rbl_client zen.spamhaus.org=127.0.0.10,
reject_rbl_client zen.spamhaus.org=127.0.0.11
Otherwise, reject_rbl_client will catch on any answer from the DNS
query, and since DNS injection is done to inject bogus A records
pointing at real IP's, it will make reject_rbl_client catch if you
don't specify the lookup result.
> I read the spamhaus discussion on when not to use zen:
> a) if you are doing "deep" header analysis
> b) if you are using a smarthost or provide SMTP AUTH outbound
> My server is not an ISP - it's just the mail server for my company.
> As such, it does do SMTP AUTH outbound for my users, but I seemed to
> not have any issues with that and zen. I do no relaying, so I'm not
> a smarthost, AFAICT. I accept connections from authenticated users,
> and then of course any MTA that is trying to send me mail. How is it
> that the latter is at cross-purposes with the PBL?
> This can't be that hard, because googling seems not to find a lot of
> what I am describing.
> Feeling Duncey,
--
Bill Cole
[EMAIL PROTECTED]
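The two checks Bill suggests above (the reversed-octet `dig` lookup and pinning `reject_rbl_client` to the Spamhaus return codes) can be modelled offline. The following is an added example, not code from this thread, from postfix, or from Spamhaus: it builds the DNSBL query name for a client IP, interprets the A records a resolver hands back, and reproduces how `reject_rbl_client zone` versus `reject_rbl_client zone=code` would treat them. The answer sets are constructed; `198.51.100.7` stands in for the kind of non-127/8 address a rewriting ISP resolver injects, and the meanings of `127.0.0.3/6/7` (not in Bill's config) are taken from Spamhaus's published ZEN code list.

```python
"""Model the DNSBL lookup and postfix reject_rbl_client matching from the
thread. Added example; not code from the list, postfix or Spamhaus."""
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

ZEN_ZONE = "zen.spamhaus.org"
# Genuine DNSBL listings are always answered from 127.0.0.0/8.
DNSBL_ANSWER_RANGE = ipaddress.IPv4Network("127.0.0.0/8")

# ZEN return codes. 127.0.0.2/4/5/10/11 are the ones in Bill's config;
# 127.0.0.3/6/7 are the remaining SBL/XBL codes Spamhaus documents.
ZEN_CODES: Dict[str, str] = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}

# The five pinned lookup results from Bill's suggested config.
FILTERED_CONFIG = ("127.0.0.2", "127.0.0.4", "127.0.0.5",
                   "127.0.0.10", "127.0.0.11")


def dnsbl_query_name(client_ip: str, zone: str = ZEN_ZONE) -> str:
    """Reverse the octets and append the zone, i.e. what 'dig' should query."""
    octets = ipaddress.IPv4Address(client_ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify_answer(answers: Sequence[str]
                    ) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split A records into (code, list) pairs and suspicious non-127/8 ones."""
    listings: List[Tuple[str, str]] = []
    bogus: List[str] = []
    for a in answers:
        if ipaddress.IPv4Address(a) in DNSBL_ANSWER_RANGE:
            listings.append((a, ZEN_CODES.get(a, "unknown 127/8 code")))
        else:
            bogus.append(a)  # a real IP: resolver injection, not a listing
    return listings, bogus


def reject_rbl_client_matches(answers: Sequence[str],
                              expected: Optional[str] = None) -> bool:
    """One reject_rbl_client line: any answer rejects unless '=code' is given,
    in which case only that exact address rejects."""
    if not answers:
        return False            # NXDOMAIN: not listed
    if expected is None:
        return True             # bare zone: any A record, even a bogus one
    return expected in answers


def config_rejects(answers: Sequence[str],
                   codes: Optional[Sequence[str]]) -> bool:
    """A whole smtpd_client_restrictions block: unfiltered (codes=None) or
    one pinned reject_rbl_client line per code."""
    if codes is None:
        return reject_rbl_client_matches(answers)
    return any(reject_rbl_client_matches(answers, c) for c in codes)


def diagnose(client_ip: str, answers: Sequence[str]) -> str:
    """Human-readable verdict for an admin checking a rejected client."""
    name = dnsbl_query_name(client_ip)
    listings, bogus = classify_answer(answers)
    if not answers:
        return f"{name}: NXDOMAIN, {client_ip} is not listed"
    if bogus and not listings:
        return (f"{name}: answer {bogus} is outside 127/8; looks like "
                "resolver rewriting, not a Spamhaus listing")
    lists = sorted({lst for _, lst in listings})
    return f"{name}: listed on {', '.join(lists)}"


if __name__ == "__main__":
    # Constructed scenarios: an injected answer, a real PBL hit, and NXDOMAIN.
    for ip, answer in [("64.202.165.17", ["198.51.100.7"]),
                       ("64.202.165.17", ["127.0.0.11"]),
                       ("64.202.165.17", [])]:
        print(diagnose(ip, answer))
        print("  bare zone rejects:  ", config_rejects(answer, None))
        print("  pinned codes reject:", config_rejects(answer, FILTERED_CONFIG))
```

Running it shows the symptom in the thread: with the bare `reject_rbl_client zen.spamhaus.org` line, an injected non-127/8 answer rejects every client, while the pinned configuration ignores it and still rejects a genuine PBL listing.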
#############################################################
This message is sent to you because you are subscribed to
the mailing list <SIMS@mail.stalker.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>