I have RBL checks in Postfix, but they don't work and blacklisted IPs get through.
This is the smtpd_recipient_restrictions of my postfix's main.cf file:
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client b.barracudacentral.org,
    check_policy_service unix:private/policyd-spf,
    check_client_access pcre:/etc/postfix/rbl_override
My IP has access to query b.barracudacentral.org and
dig +short @b.barracudacentral.org 4.3.2.1.b.barracudacentral.org.
returns 127.0.0.2 but postfix says Host not found.
postfix log:
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: dns_query: 4.3.2.1.b.barracudacentral.org (A): Host not found
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: ctable_locate: install entry key 4.3.2.1.b.barracudacentral.org
Sep 15 05:03:33 mta02 postfix/smtpd[22172]: generic_checks: name=reject_rbl_client status=0
Please check if the smtpd process is running chrooted. For this, check the "chroot" column in master.cf.
Also note that any host in $mynetworks (permit_mynetworks) won't be blacklisted, as well as any SASL authenticated client (permit_sasl_authenticated).
Note: can never act as an override to "reject_rbl_client b.barracudacentral.org" since the latter will always trigger first.
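
The two checks from the answer above, as an added example that is not part of the original thread: it reads the chroot column of the smtpd entries in master.cf and flags any check_client_access listed after reject_rbl_client. The function names and sample inputs are constructed for illustration; the meaning of `-` in the chroot column depends on the Postfix version, which is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the original thread. Sample inputs are constructed.

# Print "<service> <type> <status>" for each master.cf entry (stdin) that runs
# smtpd. Field 5 is the chroot column: y, n, or "-" for the built-in default
# (n on Postfix >= 3.0, y on older releases).
# $1 = Postfix major version, e.g. $(postconf -h mail_version | cut -d. -f1)
smtpd_chroot_status() {
    awk -v major="$1" '
        /^#/ || /^[ \t]/ || NF == 0 { next }   # comments, continuations, blanks
        $8 == "smtpd" {
            c = $5
            if (c == "-") c = (major + 0 >= 3) ? "n" : "y"
            print $1, $2, (c == "y" ? "chrooted" : "not-chrooted")
        }'
}

# Print the argument of every check_client_access that appears after a
# reject_rbl_client in a restriction list (stdin). Restrictions are evaluated
# in order, so such a lookup runs too late to exempt a listed client.
late_overrides() {
    awk '{
        gsub(/,/, " ")
        for (i = 1; i <= NF; i++) {
            if (want) { print $i; want = 0 }
            else if ($i == "reject_rbl_client") seen = 1
            else if ($i == "check_client_access" && seen) want = 1
        }
    }'
}

SAMPLE_MASTER_CF='# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    unix  n       -       n       60      1       pickup'

SAMPLE_RESTRICTIONS='permit_mynetworks, reject_unauth_destination,
    reject_rbl_client b.barracudacentral.org,
    check_client_access pcre:/etc/postfix/rbl_override'

printf '%s\n' "$SAMPLE_MASTER_CF" | smtpd_chroot_status 3
printf '%s\n' "$SAMPLE_RESTRICTIONS" | late_overrides
```

On a live system the same functions can be fed from `/etc/postfix/master.cf` and from `postconf -h smtpd_recipient_restrictions`.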