From: David Cottle on

I am having some issues with my server blocking ISP IP addresses.

I know a recent update to plesk-9.5.1 changed my postfix main.cf and
master.cf (the timestamps changed). I managed to fix main.cf as on
the smtpd_client_restrictions, they put the RBLs first.

Can anyone see what is wrong in the master.cf?

I just want submission on 587 able to bypass RBL checks:

#
# Postfix master process configuration file. For details on the format
==========================================================================
smtp inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - - 60 1 pickup -o content_filter=smtp:127.0.0.1:10027
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#

plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser
  argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p
  /var/qmail/mailnames
mailman unix - n n - - pipe flags=R user=mailman:mailman
  argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
127.0.0.1:10025 inet n n n - - spawn user=mhandlers-user
  argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue
127.0.0.1:10026 inet n - - - - smtpd -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o receive_override_options=no_unknown_recipient_checks
127.0.0.1:10027 inet n n n - - spawn user=mhandlers-user
  argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote
plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6
  dbpath=/plesk/passwd.db
smtps inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025

From: Matt Hayes on
On 04/21/2010 07:35 PM, David Cottle wrote:

> #submission inet n - n - - smtpd
> # -o smtpd_tls_security_level=encrypt
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> # -o milter_macro_daemon_name=ORIGINATING

Seems submission is commented out?

-matt

From: webmaster on
Quoting Matt Hayes <dominian(a)slackadelic.com>:

> On 04/21/2010 07:35 PM, David Cottle wrote:
>
>> #submission inet n - n - - smtpd
>> # -o smtpd_tls_security_level=encrypt
>> # -o smtpd_sasl_auth_enable=yes
>> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>> # -o milter_macro_daemon_name=ORIGINATING
>
> Seems submission is commented out?
>
> -matt
>

Hi Matt,

No, it's not; look further down:

smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
smtpd_sasl_auth_enable=yes -o
smtpd_client_restrictions=permit_sasl_authenticated,reject -o
smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025

From: Matt Hayes on

On 04/21/2010 08:14 PM, webmaster(a)aus-city.com wrote:
> Quoting Matt Hayes <dominian(a)slackadelic.com>:
>
>> On 04/21/2010 07:35 PM, David Cottle wrote:
>>
>>> #submission inet n - n - - smtpd
>>> # -o smtpd_tls_security_level=encrypt
>>> # -o smtpd_sasl_auth_enable=yes
>>> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>> # -o milter_macro_daemon_name=ORIGINATING
>>
>> Seems submission is commented out?
>>
>> -matt
>>
>
> Hi Matt,
>
> No, it's not; look further down:
>
> smtpd_tls_wrappermode=yes
> submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
> smtpd_sasl_auth_enable=yes -o
> smtpd_client_restrictions=permit_sasl_authenticated,reject -o
> smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
>
>
>


ahhh missed that!

If you have smtpd_recipient_restrictions defined in main.cf you'll have
to negate them just as you did with smtpd_sender_restrictions

-Matt

From: David Cottle on


Sent from my iPhone

On 22/04/2010, at 10:28, Matt Hayes <dominian(a)slackadelic.com> wrote:

>
> On 04/21/2010 08:14 PM, webmaster(a)aus-city.com wrote:
>> Quoting Matt Hayes <dominian(a)slackadelic.com>:
>>
>>> On 04/21/2010 07:35 PM, David Cottle wrote:
>>>
>>>> #submission inet n - n - - smtpd
>>>> # -o smtpd_tls_security_level=encrypt
>>>> # -o smtpd_sasl_auth_enable=yes
>>>> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>>> # -o milter_macro_daemon_name=ORIGINATING
>>>
>>> Seems submission is commented out?
>>>
>>> -matt
>>>
>>
>> Hi Matt,
>>
>> No, it's not; look further down:
>>
>> smtpd_tls_wrappermode=yes
>> submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o
>> smtpd_sasl_auth_enable=yes -o
>> smtpd_client_restrictions=permit_sasl_authenticated,reject -o
>> smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
>>
>>
>>
>
>
> ahhh missed that!
>
> If you have smtpd_recipient_restrictions defined in main.cf you'll have
> to negate them just as you did with smtpd_sender_restrictions
>
> -Matt

Hi Matt,

In main.cf I have got in smtpd sender restrictions permit sasl
authenticated.

It's also in smtpd recipient restrictions as the 3rd after mynetworks
and a plesk no relay check.

smtpd client restrictions it's 2nd after a plesk blacklist check.

In client restrictions it's the 2nd one, as my whitelists is first.

I know it's RBL killing as it's complaints about ISP dynamic message.

I can post my actual main.cf later when I have PC as I am on iPhone.

Is there also a command to dump the config?

Thanks!
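
Matt's point about smtpd_recipient_restrictions, as an added example that is not part of any message in this thread: a small Python audit that parses master.cf, collects each smtpd service's -o overrides, and lists the restriction stages where that service still inherits a reject_rbl_client check from main.cf. The sample master.cf text, the main.cf values (in the form postconf -n reports them) and the RBL zone rbl.example.invalid are constructed for illustration, and the function names are hypothetical.

```python
import re

# Restriction lists smtpd evaluates; one not overridden with -o comes from main.cf.
STAGES = tuple("smtpd_%s_restrictions" % s
               for s in ("client", "helo", "sender", "recipient", "data"))

# Constructed sample: the thread's submission entry written as continuation lines.
SAMPLE_MASTER = """\
smtp inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025
#submission inet n - n - - smtpd
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025
"""
RBL = "reject_rbl_client rbl.example.invalid"  # hypothetical RBL zone
SAMPLE_MAIN = {  # constructed main.cf values, not the poster's real file
    "smtpd_client_restrictions": "permit_mynetworks, " + RBL,
    "smtpd_recipient_restrictions":
        "permit_mynetworks, " + RBL + ", reject_unauth_destination",
}

def logical_lines(text):
    """Drop comment and blank lines; join indented continuation lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_overrides(master_cf):
    """Map each inet smtpd service to its {parameter: value} -o overrides."""
    found = {}
    for line in logical_lines(master_cf):
        f = line.split()
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            found[f[0]] = dict(re.findall(r"-o\s+([\w.]+)=(\S*)", line))
    return found

def inherited_rbl(master_cf, main_cf, service):
    """Stages where `service` still runs an RBL lookup inherited from main.cf."""
    over = smtpd_overrides(master_cf)[service]
    return [s for s in STAGES
            if s not in over and "reject_rbl_client" in main_cf.get(s, "")]

if __name__ == "__main__":
    print(inherited_rbl(SAMPLE_MASTER, SAMPLE_MAIN, "submission"))
```

The parser only understands the -o name=value form used in this thread.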