Postfix rbl checks

I have RBL checks in postfix but they don't work and blacklisted IPs get through.

This is the smtpd_recipient_restrictions of my postfix's main.cf file:

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client b.barracudacentral.org,
    check_policy_service unix:private/policyd-spf,
    check_client_access pcre:/etc/postfix/rbl_override

My IP has access to query b.barracudacentral.org and

dig +short @b.barracudacentral.org 4.3.2.1.b.barracudacentral.org.

returns 127.0.0.2 but postfix says Host not found.

postfix log:

Sep 15 05:03:33 mta02 postfix/smtpd[22172]: dns_query: 4.3.2.1.b.barracudacentral.org (A): Host not found
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: ctable_locate: install entry key 4.3.2.1.b.barracudacentral.org
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: generic_checks: name=reject_rbl_client status=0

There is 1 best solution below

Please check if the smtpd process is running chrooted. For this, check the "chroot" column in master.cf.

Also note that any host in $mynetworks (permit_mynetworks) won't be blacklisted, nor will any SASL-authenticated client (permit_sasl_authenticated).

Note:

check_client_access pcre:/etc/postfix/rbl_override

can never act as an override to "reject_rbl_client b.barracudacentral.org" since the latter will always trigger first.
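
The chroot check suggested in the answer, as an added shell example (not code from the post or from the Postfix project): it lists the smtpd entries in master.cf that run chrooted and compares the host's resolv.conf with the copy inside the chroot, which is the file a chrooted smtpd reads for DNS. The sample master.cf is constructed, and the live paths in the closing comments (/etc/postfix/master.cf, etc/resolv.conf under the queue directory) are assumptions about the host.

```shell
#!/bin/sh
# Added example: find chrooted smtpd services and check the chroot's resolv.conf.

# chrooted_smtpd MASTER_CF [DEFAULT]
# Prints "service/type" for each smtpd entry that runs chrooted. DEFAULT is what
# "-" means in the chroot column: "n" for Postfix >= 3.0, "y" for older releases.
chrooted_smtpd() {
    awk -v dflt="${2:-n}" '
        /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines
        /^[ \t]/ { next }                # continuation lines (-o options)
        {
            chroot = ($5 == "-") ? dflt : $5
            if ($8 == "smtpd" && chroot == "y") print $1 "/" $2
        }' "$1"
}

# resolver_state SYSTEM_RESOLV_CONF CHROOT_RESOLV_CONF
# Prints same, differs or missing for the copy a chrooted daemon reads.
resolver_state() {
    if [ ! -f "$2" ]; then echo missing
    elif cmp -s "$1" "$2"; then echo same
    else echo differs
    fi
}

# Writes a constructed sample master.cf to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=may
submission inet n       -       -       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/master.cf"
echo "chrooted smtpd services: $(chrooted_smtpd "$demo_dir/master.cf")"
# On a live host (paths are assumptions; queue directory taken from postconf):
#   chrooted_smtpd /etc/postfix/master.cf
#   q=$(postconf -h queue_directory)
#   resolver_state /etc/resolv.conf "$q/etc/resolv.conf"
```

A result of missing or differs for a chrooted smtpd means its DNS lookups may not use the same resolvers as dig run on the host.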