Re: smtpd_recipient_restrictions suddenly stopping mail

From: Kevin Bailey (kbaileyfreewayprojects.com)
Date: Sun Mar 15 2009 - 10:08:17 CDT


Sahil Tandon wrote:
> On Mar 3, 2009, at 1:14 PM, Kevin Bailey <kbaileyfreewayprojects.com>
> wrote:
>
>> Hiya,
>>
>> We have had this setting on a mail server for a long time.
>>
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated
>> reject_non_fqdn_recipient
>> reject_non_fqdn_sender
>> reject_unknown_sender_domain
>> reject_unknown_recipient_domain
>> permit_mynetworks
>> reject_unauth_destination
>> reject_multi_recipient_bounce
>> reject_non_fqdn_hostname
>> reject_invalid_hostname
>> reject_rbl_client bl.spamcop.net
>> reject_rbl_client sbl.spamhaus.org
>> reject_rhsbl_sender dsn.rfc-ignorant.org
>> check_policy_service inet:127.0.0.1:60000
>> permit
>>
>> Today, about 80% of emails started getting bounced back with:
>>
>> Action: failed
>> Status: 5.7.1
>> Remote-MTA: dns; mail.psctraining.co.uk
>> Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
>> [80.177.179.85] blocked using bl.spamcop.net
>>
>> So we commented out the spamcop line... then we got
>>
>> Action: failed
>> Status: 5.7.1
>> Remote-MTA: dns; mail.psctraining.co.uk
>> Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
>> [80.177.179.85] blocked using sbl.spamhaus.org
>>
>>
>> So we commented out the spamhaus line... then we got
>>
>> <kbaileypsctraining.co.uk>: host
>> mail.psctraining.co.uk[217.45.142.233] said:
>> 554 5.7.1 Service unavailable; Sender address
>> [kbaileyfreewayprojects.com]
>> blocked using dsn.rfc-ignorant.org (in reply to RCPT TO command)
>>
>>
>> Then we commented out the rfc-ignorant.org line and the mail is
>> getting through. So the restrictions line now looks like:
>>
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated
>> reject_non_fqdn_recipient
>> reject_non_fqdn_sender
>> reject_unknown_sender_domain
>> reject_unknown_recipient_domain
>> permit_mynetworks
>> reject_unauth_destination
>> reject_multi_recipient_bounce
>> reject_non_fqdn_hostname
>> reject_invalid_hostname
>> # nstone - 03/03/2009
>> # commented to bypass the blacklists
>> # reject_rbl_client bl.spamcop.net
>> # reject_rbl_client sbl.spamhaus.org
>> # reject_rhsbl_sender dsn.rfc-ignorant.org
>> check_policy_service inet:127.0.0.1:60000
>> permit
>>
>>
>>
>> OK. We don't have full access to the routers etc. We also can no
>> longer access the web interface for their router which is on ports 81
>> and 445.
>>
>> My feeling is that something has changed with their firewall or traffic.
>>
>> Now, if Postfix can not connect to bl.spamcop.net would it reject the
>> mail by default? Also, to test this connection - what port does
>> Postfix try to connect to bl.spamcop.net on? - we could then try
>> telnet to test the connection. Also, what port(s) does
>> bl.spamcop.net connect back on?
>
> The RBLs are queried via DNS; you don't 'connect' or 'telnet' to them
> in the conventional sense. I suspect something has gone awry with
> your DNS resolver.
>

Thanks for that and the other responses.

We indeed tracked it to DNS problems - in this case the onsite admin
(who is a Windows only type) had set up a Smoothwall router and we were
using it as our DNS server. It seems to have been responding with bad data.

We changed the server to use OpenDNS servers and all's well.

Thanks again for the help.

Kevin
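
The diagnosis reached in this thread (RBL checks are DNS lookups, and the resolver was returning bad data) can be tested from the mail server itself. The following is an added example, not part of the original messages: it assumes each list publishes the RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 not listed), and the function names and status strings are illustrative.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Name an IPv4 DNSBL check looks up: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A records from the system resolver; [] for NXDOMAIN or any failure."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:  # covers socket.gaierror and socket.herror
        return []

def check_resolver(zone, lookup=system_lookup):
    """Classify what this host's resolver returns for the zone's test entries."""
    listed = lookup(dnsbl_qname("127.0.0.2", zone))    # must exist
    unlisted = lookup(dnsbl_qname("127.0.0.1", zone))  # must not exist
    if unlisted:
        # Any A record counts as "listed" for a plain reject_rbl_client,
        # so a resolver that answers here makes every client look listed.
        return "answers-everything"
    if not listed:
        return "no-answers"
    if any(ipaddress.ip_address(a) not in LOOPBACK for a in listed):
        return "unexpected-answer"
    return "ok"

if __name__ == "__main__":
    for zone in ("bl.spamcop.net", "sbl.spamhaus.org"):  # zones from the thread
        print(zone, check_resolver(zone))
```

A result of `answers-everything` or `unexpected-answer` means the answers reaching this host cannot be trusted for blacklist decisions, whatever the lists themselves contain.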