Loading ...
Sorry, an error occurred while loading the content.

241901Re: Whitelist a host using check_client_access before the rbl check?

Expand Messages
  • Brian Evans - Postfix List
    Aug 4, 2008
    • 0 Attachment
      Nicolas KOWALSKI wrote:
      > On Mon, Aug 04, 2008 at 08:58:01AM -0400, Charles Marcus wrote:
      >
      >> Let me give this one a try... I *think* i see the problem...
      >>
      >> On 8/4/2008, Nicolas KOWALSKI (niko@...) wrote:
      >>
      >>> Aug 4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT
      >>> from 225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service
      >>> unavailable; Client host [86.68.96.225] blocked using
      >>> zen.spamhaus.org;
      >>>
      >> THAT was the client...
      >>
      >> http://www.spamhaus.org/query/bl?ip=86.68.96.225;
      >>
      >>> from=<nicolas.kowalski@...> to=<niko@...>
      >>> proto=ESMTP helo=<demisel.dyndns.org>
      >>>
      >> THAT was the helo...
      >>
      >> So, you're trying to whitelist a client using its helo...
      >>
      >
      > But demisel.dyndns.org (currently) resolves to the above address
      > (86.68.96.225) ; why doesn't postfix get it?
      >
      This is how it works:
      Postfix receives a connect from an IP and does a lookup on that IP.
      See what it returns yourself with 'host 86.68.96.225'

      In your case, the client address was 225.96.68-86.rev.gaoland.net (which
      is a unqualified RDNS entry for a dynamic pool).
      This is the value that check_client_access can find (either name or IP)

      The client said 'EHLO demisel.dyndns.org'.
      This is the value that check_helo_access can find, though somewhat
      unreliable to whitelist.

      Brian
    • Show all 12 messages in this topic