Loading ...
Sorry, an error occurred while loading the content.

241905Re: Whitelist a host using check_client_access before the rbl check?

Expand Messages
  • Nicolas KOWALSKI
    Aug 4 8:36 AM
    • 0 Attachment
      On Mon, Aug 04, 2008 at 10:56:36AM -0400, Brian Evans - Postfix List wrote:
      > Nicolas KOWALSKI wrote:
      >> On Mon, Aug 04, 2008 at 08:58:01AM -0400, Charles Marcus wrote:
      >>
      >>> On 8/4/2008, Nicolas KOWALSKI (niko@...) wrote:
      >>>
      >>>> Aug 4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT
      >>>> from 225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service
      >>>> unavailable; Client host [86.68.96.225] blocked using
      >>>> zen.spamhaus.org;
      >>>>
      >>> THAT was the client...
      >>>
      >>> http://www.spamhaus.org/query/bl?ip=86.68.96.225;
      >>>
      >>>> from=<nicolas.kowalski@...> to=<niko@...>
      >>>> proto=ESMTP helo=<demisel.dyndns.org>
      >>>>
      >>> THAT was the helo...
      >>>
      >>> So, you're trying to whitelist a client using its helo...
      >>>
      >> But demisel.dyndns.org (currently) resolves to the above address
      >> (86.68.96.225) ; why doesn't postfix get it?
      > This is how it works:
      > Postfix receives a connect from an IP and does a lookup on that IP.
      > See what it returns yourself with 'host 86.68.96.225'
      >
      > In your case, the client address was 225.96.68-86.rev.gaoland.net (which
      > is a unqualified RDNS entry for a dynamic pool).
      > This is the value that check_client_access can find (either name or IP)

      Ok, I think I get it now.

      > The client said 'EHLO demisel.dyndns.org'.
      > This is the value that check_helo_access can find, though somewhat
      > unreliable to whitelist.

      I apparently have no other choices to whitelist-before-rbl such a
      dynamic pool's host.

      Thanks to all,
      --
      Nicolas
    • Show all 12 messages in this topic