I have a whitelist file rna_rbl_whitelist_clients that contains:
# Part of smtpd_recipient_restrictions (greylisting is managed per recipient)
# These are the CLIENTS that are allowed to bypass greylisting
/\.facebook\.com$/ OK
/\.facebookmail\.com$/ OK
and the.db file is up to date
And my main.cf says:
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access
regexp:/opt/local/etc/postfix/rna_rbl_whitelist_clients,
reject_unknown_reverse_client_hostname,
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
permit
and
# Rspamd milter [email broken_richtext.eml to test]
milter_protocol = 6
# if rspamd is down, don't reject mail
milter_default_action = accept
# Use rspamd's socket (add
$queue_directory/opt/local/var/run/rspamd/milter.sock in chroot)
smtpd_milters =
unix:/opt/local/var/spool/postfix/opt/local/var/run/rspamd/milter.sock
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
But it gets greylisted anyway:
May 31 12:02:13 hermione smtp/smtpd[58412]: connect from
66-220-155-148.mail-mail.facebook.com[66.220.155.148]
May 31 12:02:14 hermione smtp/smtpd[58412]: 32BB7CA4F79E:
client=66-220-155-148.mail-mail.facebook.com[66.220.155.148]
May 31 12:02:14 hermione postfix/cleanup[58416]: 32BB7CA4F79E:
message-id=<[email protected]>
May 31 12:02:15 hermione postfix/cleanup[58416]: 32BB7CA4F79E: milter-reject:
END-OF-MESSAGE from 66-220-155-148.mail-mail.facebook.com[66.220.155.148]:
4.7.1 Try again later; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<66-220-155-148.mail-mail.facebook.com>
May 31 12:02:20 hermione smtp/smtpd[58412]: disconnect from
66-220-155-148.mail-mail.facebook.com[66.220.155.148] ehlo=2 starttls=1 mail=1
rcpt=1 data=0/1 rset=1 quit=1 commands=7/8
What am I doing wrong?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>, Mastodon
<https://newsie.social/@gctwnl>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
YouTube Channel <http://www.youtube.com/@GerbenWierda>
PS. More config on smtpd:
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access
regexp:/opt/local/etc/postfix/rna_rbl_whitelist_clients,
reject_unknown_reverse_client_hostname,
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
permit
# Drop any SMTP client that talks before its turn (spam botnets in a hurry)
postscreen_greet_action = drop
# Drop any SMTP client that is in the DNSBL
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
postscreen_dnsbl_action = drop
smtpd_delay_reject = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unlisted_recipient
smtpd_data_restrictions =
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_multi_recipient_bounce
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
