Results 1 to 9 of 9

Thread: RBLs restricted?

  1. #1
    wentum is offline Intermediate Member
    Join Date
    Feb 2008
    Posts
    23
    Rep Power
    7

    Default RBLs restricted?

    Are the RBLs I actually can use restricted? Possibly via the %%contains statements in postfix_recipient_restrictions.cf? I'm asking because what I see using "zmprov gacf|grep zimbraMtaRestriction" is not corresponding to what is listed in main.cf. Some Lists are missing.
    Does anyone know?

    Joerg

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    There's no restriction on the RBLs you can use. What do you get if you run:

    Code:
    zmprov gacf | grep zimbraMtaRestriction
    and how are you adding these RBLs?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    wentum is offline Intermediate Member
    Join Date
    Feb 2008
    Posts
    23
    Rep Power
    7

    Default

    zmprov gacf | grep zimbraMtaRestriction

    is giving me

    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client ix.dnsbl.manitu.net


    /opt/zimbra/postfix/conf/main.cf

    shows

    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient,
    reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client dnsbl.njabl.org, reject_rbl_client bl.spamcop.net, permit

    I added my entires with

    zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org" zimbraMtaRestriction "reject_rbl_client ix.dnsbl.manitu.net"

    Joerg

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    Sorry, but I don't quite understand the problem here. You've got eight 'reject' entries listed when you do the 'zmprov gacf', you've got eight 'reject' entries in your main.cf and you've got eight 'reject' entries shown in the 'zmprov mcf' command that you've listed. As far as I can see all the RBLs have been added as you requested.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    wentum is offline Intermediate Member
    Join Date
    Feb 2008
    Posts
    23
    Rep Power
    7

    Default

    Well, your obviously right that all my entries are listed using 'zmprov gacf | grep zimbraMtaRestriction'. But they are NOT taken over to postfix's main.cf. So they won't work, will they?

    zimbra@sally:$ postconf -n
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /opt/zimbra/postfix-2.4.3.4z/sbin
    config_directory = /opt/zimbra/postfix-2.4.3.4z/conf
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /opt/zimbra/postfix-2.4.3.4z/libexec
    disable_dns_lookups = no
    header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
    mailbox_size_limit = 0
    mailq_path = /opt/zimbra/postfix-2.4.3.4z/sbin/mailq
    manpage_directory = /opt/zimbra/postfix-2.4.3.4z/man
    message_size_limit = 253952000
    mydestination = localhost
    myhostname = sally.innovatetogether.de
    mynetworks = 127.0.0.0/8 213.144.15.192/28
    newaliases_path = /opt/zimbra/postfix-2.4.3.4z/sbin/newaliases
    queue_directory = /opt/zimbra/postfix-2.4.3.4z/spool
    recipient_delimiter =
    relayhost =
    sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
    sendmail_path = /opt/zimbra/postfix-2.4.3.4z/sbin/sendmail
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client dnsbl.njabl.org, reject_rbl_client bl.spamcop.net, permit
    smtpd_reject_unlisted_recipient = no
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_use_tls = yes
    transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
    virtual_alias_domains = ldap:/opt/zimbra/conf/ldap-vad.cf
    virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
    virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
    virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
    virtual_transport = error

    Joerg

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    It would actually help if I read the correct line, sorry.

    I have a recollection that there might be a character limit on the postfix smtpd_recipient_restrictions line, I'll just check that.
    Last edited by phoenix; 02-15-2008 at 08:11 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    wentum is offline Intermediate Member
    Join Date
    Feb 2008
    Posts
    23
    Rep Power
    7

    Default

    OK, for those who are interested. For me it seems that there is no restriction in length but a restriction in what RBLs you can use. (correct me, if this is wrong!!)
    Using try an error i found out that RBLs i added in /opt/zimbra/conf/postfix_recipient_restrictions.cf (example -> %%contains VAR:zimbraMtaRestriction reject_rbl_client ix.dnsbl.manitu.net%% ) afterwards can be added using 'zmprov mcf zimbraMtaRestriction ix.dnsbl.manitu.net' and then will be taken over to postfix's main.cf.

    Joerg

  8. #8
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Very very interesting....It appears that I am having the same issue. I had 5 rbl's entered into the admin UI but only the single one that was listed in this file actually made it into the config (bl.spamcop.net). Does anybody know why it was setup this way in that it limits your rbl lists to only those in this file?!? To me this seems utterly ridiculous especially since there is now functionality in the admin UI to edit your supposed RBL lists...but it doesn't work unless they are in this file.

  9. #9
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Is there a limit on number of RBLs
    By herbr in forum Administrators
    Replies: 9
    Last Post: 04-02-2008, 02:18 PM
  2. Spam Filter - a few questions
    By sternfan in forum Administrators
    Replies: 12
    Last Post: 08-08-2007, 12:12 PM
  3. Restricted Users.
    By Splat in forum Administrators
    Replies: 4
    Last Post: 06-01-2006, 02:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •