ispCP - Board - Support
whitelisting poorly configured mail servers - Printable Version


whitelisting poorly configured mail servers - grungy - 07-28-2008 07:59 PM

I have a client who needs to get mails from certain people that have poorly configured servers... the problem is they send mails from a local server with a dynamic IP address and a non-existent hostname:

Code:
Jul 21 19:15:31 emperor postfix/smtpd[7329]: NOQUEUE: reject: RCPT from 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86]: 550 5.7.1 <cleint@domain>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ms01.freighttransport.local, MTA hostname: 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86] (helo/hostname mismatch); from=<patrick.burnel@freighttransport.co.uk> to=<cleint@domain> proto=ESMTP helo=<MS01.freighttransport.local>


Is there a way to allow my client to receive mails from this poorly configured server... he keeps bugging me about how he is losing money :)

Some kind of whitelist? Searched the forum but did not find a way to whitelist a domain name, only an IP address, which is dynamic, so it does not help me at all...

tnx


RE: whitelisting poorly configured mail servers - grungy - 07-29-2008 09:44 PM

Are all the gurus on holiday? :)


RE: whitelisting poorly configured mail servers - kilburn - 08-09-2008 03:04 AM

Well, maybe a bit late but you can use a postfix access map to skip policyd-weight & postgrey for this IP. I also have another access map where I can skip them on a per-recipient basis (when a customer explicitly requests it), and the config looks like this:

/etc/postfix/main.cf
Code:
...
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
+                             check_client_access    hash:/etc/postfix/client_whitelist,
+                             check_recipient_access hash:/etc/postfix/recipient_whitelist,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit
...
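Review bot: the two `+` lines are only safe because they sit below `reject_unauth_destination`; an `OK` from either access map ends smtpd_recipient_restrictions with a permit, so the same lines placed above it would let a whitelisted client relay to any destination. A comment beside them saying so, and saying that a match also skips both `check_policy_service` calls that follow, would keep a later reorder from going wrong. The leading `+` only marks the added lines and has to become whitespace in the real main.cf, since a continuation line must start with whitespace.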

The /etc/postfix/client_whitelist (that must be postmapped every time you change it) lists IPs or networks of whitelisted external servers, like:
Code:
# hash: tables match networks by leading octets; /24 notation needs a cidr: table
192.168.0.1             OK
192.168.1               OK

The /etc/postfix/recipient_whitelist (also needs to be postmapped) lists recipients (single addresses or whole domains) that don't want policyd & postgrey enabled (paranoid customers that think they're losing mails), like:
Code:
# every entry needs an action on the right-hand side, or postmap skips the line
customer@domain.tld     OK
domain.tld              OK

That's it! :)
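
How Postfix searches a hash: access table such as client_whitelist and recipient_whitelist, as an added example that is not part of the original posts. The sample entries are constructed and the emulation is simplified (IPv4 addresses only, no parent-domain or address-extension matching); it shows which entries a lookup can actually reach.

```python
# Added example: emulates the hash: access-table search described in access(5).
# Simplified: IPv4 only, no parent-domain or address-extension matching.
import ipaddress

# Constructed sample tables in postmap input format.
CLIENTS = "192.168.0.1 OK\n192.168.1.0/24 OK\n192.168.2 OK\n"
RECIPIENTS = "customer@domain.tld OK\ndomain.tld\n"

def parse_map(text):
    """Return (table, problems) for one access map source file."""
    table, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) < 2:  # postmap warns and skips such a line
            problems.append(f"line {n}: {parts[0]!r} has no action (e.g. OK)")
            continue
        key = parts[0].lower()
        if "/" in key:  # stored as a literal key that no lookup ever asks for
            problems.append(f"line {n}: {key!r} is CIDR; use a cidr: table")
        table[key] = parts[1].strip()
    return table, problems

def client_lookup(table, ip):
    """Search order for a client address: a.b.c.d, a.b.c, a.b, a."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for i in range(4, 0, -1):
        key = ".".join(octets[:i])
        if key in table:
            return table[key]
    return None

def recipient_lookup(table, rcpt):
    """Search order for a recipient: user@domain, domain, user@."""
    user, _, domain = rcpt.lower().rpartition("@")
    for key in (f"{user}@{domain}", domain, f"{user}@"):
        if key in table:
            return table[key]
    return None

if __name__ == "__main__":
    clients, c_problems = parse_map(CLIENTS)
    rcpts, r_problems = parse_map(RECIPIENTS)
    print(*c_problems, *r_problems, sep="\n")
    for ip in ("192.168.0.1", "192.168.1.7", "192.168.2.9"):
        print(ip, "->", client_lookup(clients, ip))
    for addr in ("customer@domain.tld", "other@domain.tld"):
        print(addr, "->", recipient_lookup(rcpts, addr))
```

On a live server, `postmap -q <key> hash:/etc/postfix/client_whitelist` answers the same question for a single exact key.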


RE: whitelisting poorly configured mail servers - grungy - 08-16-2008 12:34 PM

Is there a way to whitelist a domain for the following rules:

reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname


RE: whitelisting poorly configured mail servers - kilburn - 08-18-2008 03:20 AM

As policyd-weight already checks the helo and hostname settings, I've disabled these restrictions in postfix, so when I whitelist a server using the described method it also bypasses those checks...