Results 1 to 10 of 10

Thread: Solution: Whitelist for Postfix if using RBLs

  1. #1
    bertie_uk is offline Senior Member
    Join Date
    Nov 2006
    Location
    Manchester, UK
    Posts
    59
    Rep Power
    8

    Default Solution: Whitelist for Postfix if using RBLs

    If you are using RBLs (such as zen.spamhaus.org) to block spam, the whitelist method in the Wiki does not work. This is because the wiki method is for spamassasin not postfix.

    Postfix will check incoming messages against the RBL first, and allow/reject accordingly. So if you have a sender listed on a RBL, you need to whitelist them in Postfix.

    Using this post: How To Whitelist Hosts/IP Addresses In Postfix | HowtoForge - Linux Howtos and Tutorials

    I came up with a method to do this in Zimbra. {commands in italics}

    Login and change to zimbra user

    vi /opt/zimbra/conf/postfix_rbl_override
    list all IP addresses or host names (one per line!) that you want to whitelist:
    Code:
    1.2.3.4 OK
    1.2.3.5 OK
    mail.freemailer.tld OK
    postmap /opt/zimbra/conf/postfix_rbl_override

    vi /opt/zimbra/conf/postfix_recipient_restrictions.cf

    under:
    reject_unauth_destination
    add:
    check_client_access hash:/opt/zimbra/conf/postfix_rbl_override

    e.g.:
    Code:
    reject_unauth_destination
    check_client_access hash:/opt/zimbra/conf/postfix_rbl_override
    reject_unlisted_recipient
    zmmtactl restart

    Each time you add a new one, you need to do the postmap command then zmmtactl restart

    Bertie

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Thanks for posting this, would you mind adding it to the wiki as that's a more appropriate place for this kind of article.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    8

    Default

    Thanks from me, too. This will come in handy. Also, I've inserted a cross-reference to this thread in Bug 43956 - RFE: MTA-level whitelisting.

  4. #4
    bertie_uk is offline Senior Member
    Join Date
    Nov 2006
    Location
    Manchester, UK
    Posts
    59
    Rep Power
    8

    Default Wiki Updated

    Updated to Wiki here: Improving Anti-spam system - Zimbra :: Wiki

    Bertie

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by bertie_uk View Post
    Thanks for doing that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    fcash is offline Elite Member
    Join Date
    Jun 2007
    Location
    BC, Canada
    Posts
    281
    Rep Power
    7

    Default

    Quote Originally Posted by bertie_uk View Post
    under:
    reject_unauth_destination
    add:
    check_client_access hash:/opt/zimbra/conf/postfix_rbl_override

    e.g.:
    Code:
    reject_unauth_destination
    check_client_access hash:/opt/zimbra/conf/postfix_rbl_override
    reject_unlisted_recipient
    You should put the override right above the item you are overriding, and not just anywhere above.

    Each time you add a new one, you need to do the postmap command then zmmtactl restart
    Why the "zmmtactl restart"? Postfix doesn't need to be restarted to pick up changes in a hashed db. Running postmap on the file is enough to alert postfix that there are changes and to reload the db.
    Freddie

  7. #7
    eniomarconcini is offline Intermediate Member
    Join Date
    May 2011
    Posts
    17
    Rep Power
    3

    Default

    Hello all....

    I use this method to solve some RBL spam problem. I have some trust domains that send mail to our MTA, but the message does not sent to recipent.
    So I do like this thread. And solved to some domains

    see /opt/zimbra/conf/postfix/rbl_override
    gov.br OK
    opet.com.br OK
    luzsp.com.br OK
    terra.com.br OK

    As you can see, this have worked fine to some domains, but I have a great great problem with this last domain (terra.com.br), when I send a test mail, the log shows:

    Jan 21 15:05:54 lukeskywalker postfix/smtpd[4212]: connect from if04-mail-sr10-mia.mta.terra.com[208.84.243.57]
    Jan 21 15:05:55 lukeskywalker postfix/smtpd[4212]: EDF844638007: client=if04-mail-sr10-mia.mta.terra.com[208.84.243.57]
    Jan 21 15:05:56 lukeskywalker postfix/cleanup[4213]: EDF844638007: message-id=<53824.1358787953@terra.com.br>
    Jan 21 15:05:56 lukeskywalker postfix/qmgr[3570]: EDF844638007: from=<cpdprefsfs@terra.com.br>, size=3519, nrcpt=1 (queue active)
    Jan 21 15:05:56 lukeskywalker postfix/smtpd[4212]: disconnect from if04-mail-sr10-mia.mta.terra.com[208.84.243.57]
    Jan 21 15:05:59 lukeskywalker postfix/smtpd[3986]: connect from if04-mail-sr10-mia.mta.terra.com[208.84.243.57]
    Jan 21 15:05:59 lukeskywalker postfix/smtpd[3986]: 709C1463800B: client=if04-mail-sr10-mia.mta.terra.com[208.84.243.57]
    Jan 21 15:05:59 lukeskywalker postfix/cleanup[4213]: 709C1463800B: message-id=<051f01cdf7f9$97f3d830$c7db8890$@terra.com.br>
    Jan 21 15:06:01 lukeskywalker postfix/qmgr[3570]: 709C1463800B: from=<gestao.paulista05@terra.com.br>, size=95035, nrcpt=1 (queue active)
    Jan 21 15:06:01 lukeskywalker postfix/smtpd[3986]: disconnect from if04-mail-sr10-mia.mta.terra.com[208.84.243.57]



    but unfortunately the test message (and any other) does not show in users mailboxes.

  8. #8
    scohol is offline Active Member
    Join Date
    Sep 2009
    Location
    Canberra, Australia
    Posts
    25
    Rep Power
    5

    Default

    How would someone do this in Zimbra 8?

    Is this method still recommended? Is there any changes that need to be made? Or does Zimbra 8 allow us to do this in other ways.

    An answer or pointing me in the right direction would be great.

  9. #9
    bertie_uk is offline Senior Member
    Join Date
    Nov 2006
    Location
    Manchester, UK
    Posts
    59
    Rep Power
    8

    Default

    In Zimbra 8 the file to add the check to is now /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf

  10. #10
    evilside is offline Starter Member
    Join Date
    Nov 2013
    Posts
    2
    Rep Power
    1

    Default

    Hi

    You know if this procedure is valid for domain names?

    examples:
    test.com OK
    nova.mx.com OK
    bluehorse.net OK

    According to Postfix MAN page, is possible for: daomain, subdomain, address and IP: Postfix manual - access(5)

    But, I try this method and not working. I have Zimbra 7.2.0.

    Edit...

    I have debugged Zimbra and I see that Postfix only is verifying the mail server hostname. Only work if hostname is finished with a domain name whitelisted.

    I want exclude messages this way:

    "name@example.com" sent from "*.outlook.com"
    "othername@company.com" sent from "*.google.com"
    "peter@farawaytown.net" sent from "*.someprovider.net"

    Mi RBL provider is blocking Google and Microsoft IP address because this companies are hosting several spamers of my country. Other RBLs not work for me because almost all spam messages is sent from national servers.
    Last edited by evilside; 01-08-2014 at 10:48 AM. Reason: New info

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. whitelist & blacklist
    By Nox in forum Administrators
    Replies: 0
    Last Post: 08-07-2008, 12:07 PM
  2. Known "proxy" issue and solution?
    By fnollet in forum Administrators
    Replies: 0
    Last Post: 07-04-2008, 01:10 AM
  3. Spam handling with RBL's
    By Priyantha Bleeker in forum Administrators
    Replies: 2
    Last Post: 04-18-2008, 09:52 AM
  4. TRying to make sense of a Palm sync solution
    By fhouston in forum Administrators
    Replies: 8
    Last Post: 03-20-2008, 08:40 AM
  5. Replies: 2
    Last Post: 02-20-2007, 08:53 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •