scudderfish
|
| posted on 17/4/10 at 06:45 PM |
|
|
Postfix configuration problem
Right, let's see if LCB can answer this one 
I run my own mailserver at home using Postfix on OSX. I have a Nokia N900 on tmobile and I was getting fed up with emails sitting in their mail
queues for > 24 hours so I thought I'd reconfigure to go via my server when out and about on 3G.
I got TLS and SASL working well, but I'm falling foul of my own spamfilter setup. Unsurprisingly the tmobile IP addresses are on spam
blacklists and this is causing me trouble. My mail log looks something like :-
Apr 17 19:27:05 mail postfix/smtpd[67685]: connect from genkt-048-068.t-mobile.co.uk[149.254.48.68]
Apr 17 19:27:05 mail postfix/smtpd[67685]: setting up TLS connection from genkt-048-068.t-mobile.co.uk[149.254.48.68]
Apr 17 19:27:06 mail postfix/smtpd[67685]: TLS connection established from genkt-048-068.t-mobile.co.uk[149.254.48.68]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Apr 17 19:27:07 mail postfix/smtpd[67685]: NOQUEUE: reject: RCPT from genkt-048-068.t-mobile.co.uk[149.254.48.68]: 554 5.7.1 Service unavailable;
Client host [149.254.48.68] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=149.254.48.68 - see http://zen.spamhaus.org.;
from=<dave@smithfamily.org.uk> to=<dave@smithfamily.org.uk> proto=ESMTP helo=<[10.215.55.211]>
Apr 17 19:27:07 mail postfix/smtpd[67685]: disconnect from genkt-048-068.t-mobile.co.uk[149.254.48.68]
However I have permit_sasl_authenticated in my config before the spam blacklists and I thought this would allow authenticated connections through
without hitting the spam checks. Postconf -n output is this :-
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see
http://$rbl_domain.
home_mailbox = Maildir/
inet_interfaces = all
local_recipient_maps =
luser_relay = dgs
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
mydomain = radmee.org.uk
mydomain_fallback = localhost
myhostname = radmee.org.uk
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_sasl_authenticated, check_client_access hash:/etc/postfix/access
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
check_policy_service inet:127.0.0.1:65432
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
Are there any postfix gurus around?
|
|
|
|
|
robocog
|
| posted on 17/4/10 at 08:17 PM |
|
|
Not an expert or owt...but
I had issues with spam and started using postgrey (greylisting for postfix) and it 100% has worked for me
(though I still have reject_rbl_client sbl-xbl.spamhaus.org in there so wouldn't solve your isses)
Maybe adding a whitelist for Tmobiles block(s) may help?
http://www.howtoforge.com/how-to-whitelist-hosts-ip-addresses-in-postfix
http://www.mailinglistarchive.com/postfix-users@postfix.org/msg46832.html
Alternately you could try just using SBL as its not listed in there
Would be interesting to see if relaxing the query does the trick without opening yourself up for a spamnami
149.254.48.68 is not listed in the SBL
149.254.48.68 is listed in the PBL, in the following records: * PBL243180
149.254.48.68 is listed in the XBL, because it appears in: * CBL
Good luck with it :-)
Regards
Rob
|
|
|
MakeEverything
|
| posted on 17/4/10 at 09:09 PM |
|
|
Friday..... with sauce please. 
Kindest Regards,
Richard.
...You can make it foolProof, but youll never make it Idiot Proof!...
|
|
|
scudderfish
|
| posted on 24/4/10 at 06:02 PM |
|
|
Turns out I had a typo in the config file  Now I just need to turn down spamassassin so it doesn't flag my outgoing email as spam before it
even leaves the server.....
|
|
|
scudderfish
|
| posted on 24/4/10 at 06:04 PM |
|
|
BTW, I agree Postgrey is really good, I've been using it a while as a second line filter behind spamhaus as spamhaus is a cheaper test.
|
|
|
.JPG)
