RBL Whitelist not working

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
yogg01
Posts: 13
Joined: Sat Sep 13, 2014 3:55 am

RBL Whitelist not working

Postby yogg01 » Tue Jan 26, 2016 3:45 am

Hi



My System:
Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 NETWORK edition, Patch 8.6.0_P5.


What I have already tried:
https://wiki.zimbra.com/wiki/Specific_Whitelist/Blacklist_per_IP#Specific_Whitelist.2FBlacklist_per_IP


My "/opt/zimbra/conf/postfix_rbl_override":
mout.gmx.net OK
mrelayeu.kundenserver.de OK
mout.kundenserver.de OK


My "/opt/zimbra/conf/postfix_rbl_override.lmdb" (looks cryptik but I see some of the values from above):
...mout.gmx.netOK...mout.kundenserver.deOK...


:~$ zmprov gcf zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override


Only to make sure everything is loaded:
zmmtactl restart



Everything looks fine so far, but in the logs I still see this:


...
Jan 25 12:13:54 my-zimbra postfix/smtpd[1157]: NOQUEUE: reject: RCPT from mout.kundenserver.de[212.227.126.131]: 554 5.7.1 Service unavailable; Client host [212.227.126.131] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?212.227.126.131; from=<sender@sender.com> to=<receiver@mydomain.com> proto=ESMTP helo=<mout.kundenserver.de>
Jan 25 13:56:26 my-zimbra postfix/smtpd[14842]: NOQUEUE: reject: RCPT from mout.kundenserver.de[212.227.126.135]: 554 5.7.1 Service unavailable; Client host [212.227.126.135] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?212.227.126.135; from=<sender@other-sender.com> to=<reveiver@mydomain.com> proto=ESMTP helo=<mout.kundenserver.de>
Jan 25 14:32:44 my-zimbra postfix/smtpd[29191]: NOQUEUE: reject: RCPT from mout.kundenserver.de[212.227.126.131]: 554 5.7.1 Service unavailable; Client host [212.227.126.131] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?212.227.126.131; from=<sender03@sender.com> to=<receiver02@mydomain.com> proto=ESMTP helo=<mout.kundenserver.de>
...


Has someone an idea what I'm doing wrong?



pdifeo
Posts: 21
Joined: Sat Sep 13, 2014 3:13 am

RBL Whitelist not working

Postby pdifeo » Wed Jan 27, 2016 1:25 am

Check in /opt/zimbra/postfix/conf/main.cf that postfix_rbl_override is before reject_rbl_* rules


like this


smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender rhsbl.sorbs.net, check_policy_service unix:private/policy, permit


 


Regards

yogg01
Posts: 13
Joined: Sat Sep 13, 2014 3:55 am

RBL Whitelist not working

Postby yogg01 » Wed Jan 27, 2016 2:08 am

Hi


thx for the hint, I checked the file and it looks like this:


smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client check_client_access, permit

I Changed it to this:


smtpd_recipient_restrictions = check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client check_client_access, permit


But I don't understand why this check is missing. In the configuration I added it with zmprov. Is there an known Bug for this?

pdifeo
Posts: 21
Joined: Sat Sep 13, 2014 3:13 am

RBL Whitelist not working

Postby pdifeo » Wed Jan 27, 2016 2:20 am

Some configurations in main.cf are generated by zmconfigd. In this case the file where zmconfigd take info is  /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf.


If this file is correct in rules order, main.cf is generated correctly. In my installations is


%%contains VAR:zimbraMtaRestriction check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unlisted_recipient
%%exact VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
%%exact VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
%%exact VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%exact VAR:zimbraMtaRestriction reject_unknown_client_hostname%%
%%exact VAR:zimbraMtaRestriction reject_unknown_reverse_client_hostname%%
%%exact VAR:zimbraMtaRestriction reject_unknown_helo_hostname%%
%%exact VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%exact VAR:zimbraMtaRestriction reject_unverified_recipient%%
%%contains VAR:zimbraMtaRestriction check_recipient_access lmdb:/opt/zimbra/conf/postfix_recipient_access%%
%%contains VAR:zimbraMtaRestriction check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%explode reject_rhsbl_client VAR:zimbraMtaRestrictionRHSBLCs%%
%%explode reject_rhsbl_reverse_client VAR:zimbraMtaRestrictionRHSBLRCs%%
%%explode reject_rhsbl_sender VAR:zimbraMtaRestrictionRHSBLSs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
%%contains VAR:zimbraMtaRestriction check_recipient_access ldap:/opt/zimbra/conf/ldap-splitdomain.cf%%
%%exact VAR:zimbraMtaRestriction reject%%
permit


I suggest you to check if your is the same.



ADota
Posts: 11
Joined: Mon Jun 22, 2015 6:45 pm

RBL Whitelist not working

Postby ADota » Thu Feb 04, 2016 6:17 pm

try move %%contains VAR:zimbraMtaRestriction check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override%% above reject_unlisted_recipient
yogg01
Posts: 13
Joined: Sat Sep 13, 2014 3:55 am

RBL Whitelist not working

Postby yogg01 » Fri Feb 05, 2016 1:23 am

The above solution works for me.

But if this is a Bug it maybe should be fixed in the future.

Return to “Administrators”

Who is online

Users browsing this forum: tellme and 26 guests