let ip bypass RBL

mayk
Posts: 3
Joined: 24 Jul 2017 10:29

let ip bypass RBL

Post by mayk »

Hi,

I'm new, hi... Thanks for the awesome project. I've been experimenting with the efa and had some tweaks to do, like, after setting my zarafa mailserver to let it relay via the external hosted efa, to add iptables rules. Also, to deliver mail I had to adjust the transport files to deliver on alternate ports (the bash menu does not accept a port). It works great. But... the problem is, when I send e-mail through the relay it rejects it based on an RBL policy (I have a dynamic IP). How can I set efa to not check my IP on an RBL? I tried whitelist in the mailwatch interface but it does not work (tried restarting mailscanner and rebooted). Alternatively I tried manually adding my IP as a /32 in the postfix main.cf mynetworks but no go.

Any thoughts / suggestions?

thanks a zillion..

greets

Mayk
:violin:
Last edited by mayk on 29 Jan 2018 20:49, edited 1 time in total.
mayk
Posts: 3
Joined: 24 Jul 2017 10:29

Re: let ip bypass RBL

Post by mayk »

To answer my own question and for others searching for this:

I followed this link: https://www.howtoforge.com/how-to-white ... in-postfix
Version 1.0
Author: Falko Timme

If you are administrating a mail server and use blacklists to block spam (like in this article: How To Block Spam Before It Enters The Server (Postfix)), you probably know this problem: from time to time your customers complain that they cannot receive emails from certain freemailers. Most often this happens because a freemailer was abused to send out spam and therefore got blacklisted. This short guide shows how you can whitelist such a mail server in Postfix to make your customers happy again.

I do not issue any guarantee that this will work for you!

If a blacklisted server tries to send mail to your server, you should find something like this in your mail log:

SMTP error from remote mail server after RCPT TO:<bla@example.com>: host mail.example.com [4.3.2.1]: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?1.2.3.4

In this example, the mail server 1.2.3.4 is blacklisted and therefore blocked.

To whitelist that server, create the file /etc/postfix/rbl_override where you list all IP addresses or host names (one per line!) that you want to whitelist:

vi /etc/postfix/rbl_override

1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK

After you've created/modified that file, you must run

postmap /etc/postfix/rbl_override

Next open /etc/postfix/main.cf and search for the smtpd_recipient_restrictions parameter. Add check_client_access hash:/etc/postfix/rbl_override to that parameter, after reject_unauth_destination, but before the first blacklist.

So if smtpd_recipient_restrictions looks like this now...

vi /etc/postfix/main.cf

[...]
smtpd_recipient_restrictions = reject_invalid_hostname,
                               reject_unauth_pipelining,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_rbl_client multi.uribl.com,
                               reject_rbl_client dsn.rfc-ignorant.org,
                               reject_rbl_client dul.dnsbl.sorbs.net,
                               reject_rbl_client list.dsbl.org,
                               reject_rbl_client sbl-xbl.spamhaus.org,
                               reject_rbl_client bl.spamcop.net,
                               reject_rbl_client dnsbl.sorbs.net,
                               reject_rbl_client cbl.abuseat.org,
                               reject_rbl_client ix.dnsbl.manitu.net,
                               reject_rbl_client combined.rbl.msrbl.net,
                               reject_rbl_client rabl.nuclearelephant.com,
                               permit
[...]

... modify it so that it looks as follows:

[...]
smtpd_recipient_restrictions = reject_invalid_hostname,
                               reject_unauth_pipelining,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               check_client_access hash:/etc/postfix/rbl_override,
                               reject_rbl_client multi.uribl.com,
                               reject_rbl_client dsn.rfc-ignorant.org,
                               reject_rbl_client dul.dnsbl.sorbs.net,
                               reject_rbl_client list.dsbl.org,
                               reject_rbl_client sbl-xbl.spamhaus.org,
                               reject_rbl_client bl.spamcop.net,
                               reject_rbl_client dnsbl.sorbs.net,
                               reject_rbl_client cbl.abuseat.org,
                               reject_rbl_client ix.dnsbl.manitu.net,
                               reject_rbl_client combined.rbl.msrbl.net,
                               reject_rbl_client rabl.nuclearelephant.com,
                               permit
[...]

That's it! Restart Postfix, and you're done:

/etc/init.d/postfix restart
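
A check for the placement the quoted guide describes (after reject_unauth_destination, before the first blacklist), as an added example that is not part of the original posts or the guide. It assumes the restriction list is passed as one string, for instance from `postconf -h smtpd_recipient_restrictions`; the function name and return codes are made up for this example.

```shell
#!/bin/sh
# Added example (not from the quoted guide): check where the rbl_override
# lookup sits in smtpd_recipient_restrictions.
# Real use: check_rbl_override_order "$(postconf -h smtpd_recipient_restrictions)"
# Return codes are this example's own convention:
#   0  placed as the guide describes
#   1  no check_client_access entry for the map
#   2  entry is before reject_unauth_destination (or that check is missing);
#      an OK result there would also let the listed clients relay
#   3  a reject_rbl_client runs before the entry, so that list still blocks
check_rbl_override_order() {
    printf '%s\n' "$1" |
    awk -v map="${2:-hash:/etc/postfix/rbl_override}" '
    {
        gsub(/,/, " ")               # separators are commas and/or whitespace
        for (i = 1; i <= NF; i++) {
            pos++
            if ($i == "reject_unauth_destination" && !unauth) unauth = pos
            if ($i == "reject_rbl_client" && !rbl) rbl = pos
            if (prev == "check_client_access" && $i == map && !ovr) ovr = pos
            prev = $i
        }
    }
    END {
        if (!ovr) exit 1
        if (!unauth || ovr < unauth) exit 2
        if (rbl && rbl < ovr) exit 3
        exit 0
    }'
}

# Constructed sample values, shortened from the guide's listing.
before='permit_mynetworks, reject_unauth_destination,
    reject_rbl_client dnsbl.sorbs.net, permit'
after='permit_mynetworks, reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_rbl_client dnsbl.sorbs.net, permit'
too_early='check_client_access hash:/etc/postfix/rbl_override,
    permit_mynetworks, reject_unauth_destination,
    reject_rbl_client dnsbl.sorbs.net, permit'

for name in before after too_early; do
    eval "value=\$$name"
    rc=0
    check_rbl_override_order "$value" || rc=$?
    echo "$name: $rc"
done
```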
pdwalker
Posts: 1583
Joined: 18 Mar 2015 09:16

Re: let ip bypass RBL

Post by pdwalker »

Thanks for sharing the answer. This does come up every once in a while and it's good to have a clear solution.