Whitelist a host using check_client_access before the rbl check?

From: Nicolas KOWALSKI (nikopetole.dyndns.org)
Date: Mon Aug 04 2008 - 07:29:07 CDT


Hello,

I would like to whitelist a specific host, because it is currently
listed in the zen rbl, but I am unable to do so.

Here is a sample log of the rejected host connecting to my postfix:

Aug 4 14:17:17 petole postfix/smtpd[23545]: connect from 225.96.68-86.rev.gaoland.net[86.68.96.225]
Aug 4 14:17:17 petole postfix/smtpd[23545]: setting up TLS connection from 225.96.68-86.rev.gaoland.net[86.68.96.225]
Aug 4 14:17:17 petole postfix/smtpd[23545]: TLS connection established from 225.96.68-86.rev.gaoland.net[86.68.96.225]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Aug 4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT from 225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service unavailable; Client host [86.68.96.225] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=86.68.96.225; from=<nicolas.kowalskigmail.com> to=<nikopetole.dyndns.org> proto=ESMTP helo=<demisel.dyndns.org>
Aug 4 14:17:18 petole postfix/smtpd[23545]: disconnect from 225.96.68-86.rev.gaoland.net[86.68.96.225]

- I added the following line (full postconf -n below) to the
smtpd_recipient_restrictions, before the rbl check:

check_client_access hash:/etc/postfix/client_access

- /etc/postfix/client_access contains:
demisel.dyndns.org OK

- the full configuration:

petole:~# postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
config_directory = /etc/postfix
disable_mime_output_conversion = yes
header_checks = regexp:/etc/postfix/header_checks
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps
mailbox_size_limit = 0
mailbox_transport = cyrus
maximal_queue_lifetime = 60d
message_size_limit = 0
mydestination = localhost, localhost.localdomain, petole, petole.lan, petole.dyndns.org, petole.demisel.net
mydomain = $myhostname
myhostname = petole.dyndns.org
relay_domains = demisel.dyndns.org
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost = [mail.club-internet.fr]
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_unknown_hostname, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, permit
smtpd_tls_cert_file = /etc/postfix/ssl/petole-crt.pem
smtpd_tls_key_file = /etc/postfix/ssl/petole-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s

Any help would be appreciated,

Thanks,
--
Nicolas
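Why the map entry in the post never fires can be seen by modelling the lookup keys Postfix derives from the connection. The following is an added example, not code from the original post and not Postfix's own code: it takes the reject line above, lists the keys that check_client_access tries (the client's reverse-DNS name and its parent domains, then the IPv4 address and its shorter prefixes, per access(5)) and the keys check_helo_access tries (the HELO name and its parents), and evaluates the original client_access map against a corrected one. The dict-based maps, the function names and the corrected `86.68.96.225 OK` entry are this example's own assumptions; it models IPv4 clients only and ignores the leading-dot forms used when parent_domain_matches_subdomains does not list smtpd_access_maps.

```python
import re

# Constructed for this example: the entry from the post and a corrected one.
# A real hash: map is a text file of "key  action" lines compiled with postmap;
# a dict stands in for the compiled map here.
ORIGINAL_MAP = {"demisel.dyndns.org": "OK"}   # the HELO name: never a client_access key
CORRECTED_MAP = {"86.68.96.225": "OK"}        # the client IP from the reject line

# The reject line from the post, shortened in the middle (constructed excerpt).
REJECT_LINE = (
    "Aug 4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT from "
    "225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service unavailable; "
    "Client host [86.68.96.225] blocked using zen.spamhaus.org; "
    "proto=ESMTP helo=<demisel.dyndns.org>"
)

_FROM_RE = re.compile(r"from (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]")
_HELO_RE = re.compile(r"helo=<(?P<helo>[^>]*)>")


def parse_client(line):
    """Return (client_hostname, client_ip, helo_name) from a postfix/smtpd line."""
    m = _FROM_RE.search(line)
    if m is None:
        raise ValueError("no 'from host[ip]' in log line")
    h = _HELO_RE.search(line)
    return m.group("host"), m.group("ip"), (h.group("helo") if h else None)


def domain_keys(name):
    """A name and its parent domains down to the TLD, the order Postfix tries
    them when parent_domain_matches_subdomains lists smtpd_access_maps (default).
    Postfix splits at every dot; it does not know which labels are 'real' domains."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def client_access_keys(hostname, ip):
    """Keys check_client_access tries, per access(5): the client's reverse-DNS
    name and its parents, then the IPv4 address and its shorter prefixes."""
    octets = ip.split(".")
    prefixes = [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return domain_keys(hostname) + prefixes


def helo_access_keys(helo):
    """Keys check_helo_access tries: the HELO/EHLO name and its parents.
    The HELO name is chosen by the client, so an OK keyed on it is forgeable."""
    return domain_keys(helo)


def lookup(access_map, keys):
    """First key present wins, as with an indexed (hash:) map."""
    for k in keys:
        if k in access_map:
            return k, access_map[k]
    return None, None


def whitelisted_by_client_access(access_map, line):
    """True when check_client_access returns OK for the client in the log line,
    so the restriction list stops before reaching reject_rbl_client."""
    host, ip, _helo = parse_client(line)
    _key, action = lookup(access_map, client_access_keys(host, ip))
    return action == "OK"


if __name__ == "__main__":
    host, ip, helo = parse_client(REJECT_LINE)
    print("check_client_access keys:", client_access_keys(host, ip))
    print("check_helo_access keys:  ", helo_access_keys(helo))
    for label, m in (("original", ORIGINAL_MAP), ("corrected", CORRECTED_MAP)):
        print(f"{label} map skips the RBL check:",
              whitelisted_by_client_access(m, REJECT_LINE))
```

Two practical points follow from the key lists. First, `demisel.dyndns.org` is only ever a check_helo_access key; moving the entry there would make the lookup succeed, but since any client can send that HELO, it would let anyone who does so bypass the zen lookup. Keying on the connecting IP (or on the reverse-DNS name) restricts the exception to that host, and a broad parent-domain key such as `rev.gaoland.net` should be avoided because it would whitelist the ISP's entire reverse zone. Second, Postfix reads the compiled `.db` file, not the text file, so `postmap /etc/postfix/client_access` has to be re-run after every edit of the map.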