New MAPS RBL config w/ activation codes

02/03/2006, 19h28

Greetings folks,

Wondering if anyone here is still using the MAPS RBL? They recently
stopped allowing DNS zone xfers and are forcing clients to use direct
lookups to their servers. Typically my postfix config (with zone
xfers) would look like this:

smtpd_recipient_restrictions =
<snip>
reject_rbl_client rbl-plus.mail-abuse.org,
<snip>

Mail was being rejected properly with the default RBL reply:

mx03 postfix/smtpd[12565]: [ID 197553 mail.info] NOQUEUE: reject: RCPT
from c55-239.icpnet.pl[62.21.55.239]: 554 Service unavailable; Client
host [62.21.55.239] blocked using rbl-plus.mail-abuse.org;
from=<dfhpjsqaomyq@es.oetiker.com> to=<rgehl@example.com> proto=SMTP
helo=<c55-239.icpnet.pl>

---

The new cfg looks like this:

# smtpd_recipient_restrictions=
...
reject_rbl_client activationcode.r.mail-abuse.com,
....

(where "activationcode" is the special string that Trend sends you)

# Add the command to check for a rbl_reply map.

* rbl_reply_maps = hash:/$config_directory/rbl_reply

Then create the rbl_reply map:

activationcode.r.mail-abuse.com 550 Service unavailable; $rbl_class
[$rbl_what] blocked using Trend Micro RBL+. Please see
http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?;
$rbl_reason}

....then postmap hash:rbl_reply, then reload postfix and it's supposed
to fire right up.

Thus far, however, I've put these different cfgs in place in the
main.cf, created and postmapped the reply file, and there have been
zero hits on this (compared to roughly one every 5-10 mins when using
the old config).

Any ideas where I may have gone wrong?

02/03/2006, 23h12

The first thing to do is to make sure that your server can
query the RBL server. Usually the RBL site will have a test
code for you to query on, such as 127.0.0.2 or 127.0.0.4.

This is done on your end like this:

$ nslookup 2.0.0.127.activationcode.r.mail-abuse.com

A successful query to a valid test code will return a result
like 127.0.0.4 or something similar. A failure will return NXDOMAIN.

--
Greg

pbeckhelm@gmail.com wrote:
> Greetings folks,
>
> Wondering if anyone here is still using the MAPS RBL? They recently
> stopped allowing DNS zone xfers and are forcing clients to use direct
> lookups to their servers. Typically my postfix config (with zone
> xfers) would look like this:
>
> smtpd_recipient_restrictions =
> <snip>
> reject_rbl_client rbl-plus.mail-abuse.org,
> <snip>
>
> Mail was being rejected properly with the default RBL reply:
>
> mx03 postfix/smtpd[12565]: [ID 197553 mail.info] NOQUEUE: reject: RCPT
> from c55-239.icpnet.pl[62.21.55.239]: 554 Service unavailable; Client
> host [62.21.55.239] blocked using rbl-plus.mail-abuse.org;
> from=<dfhpjsqaomyq@es.oetiker.com> to=<rgehl@example.com> proto=SMTP
> helo=<c55-239.icpnet.pl>
>
> ---
>
> The new cfg looks like this:
>
> # smtpd_recipient_restrictions=
> ...
> reject_rbl_client activationcode.r.mail-abuse.com,
> ...
>
> (where "activationcode" is the special string that Trend sends you)
>
> # Add the command to check for a rbl_reply map.
>
> * rbl_reply_maps = hash:/$config_directory/rbl_reply
>
> Then create the rbl_reply map:
>
> activationcode.r.mail-abuse.com 550 Service unavailable; $rbl_class
> [$rbl_what] blocked using Trend Micro RBL+. Please see
> http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?;
> $rbl_reason}
>
> ...then postmap hash:rbl_reply, then reload postfix and it's supposed
> to fire right up.
>
> Thus far, however, I've put these different cfgs in place in the
> main.cf, created and postmapped the reply file, and there have been
> zero hits on this (compared to roughly one every 5-10 mins when using
> the old config).
>
> Any ideas where I may have gone wrong?
>

03/03/2006, 06h34

> The new cfg looks like this:
>
> # smtpd_recipient_restrictions=
> ...
> reject_rbl_client activationcode.r.mail-abuse.com,

Try smtpd_client_restrictions instead of smtpd_recipient_restrictions

--
Greg

04/03/2006, 00h22

The devil, as usual, is in the details. I had been using
"activationcode.r.mail-abuse.org" in my recipient restrictions section
(instead of the .com noted in their config notes). That was the rub
and once changed everything started humming along smoothly. *roll
eyes*

Thanks for the replies :-)

Patrick

02/03/2006, 19h28	#1
pbeckhelm@gmail.com Messages: n/a Hébergeur:	New MAPS RBL config w/ activation codes Greetings folks, Wondering if anyone here is still using the MAPS RBL? They recently stopped allowing DNS zone xfers and are forcing clients to use direct lookups to their servers. Typically my postfix config (with zone xfers) would look like this: smtpd_recipient_restrictions = <snip> reject_rbl_client rbl-plus.mail-abuse.org, <snip> Mail was being rejected properly with the default RBL reply: mx03 postfix/smtpd[12565]: [ID 197553 mail.info] NOQUEUE: reject: RCPT from c55-239.icpnet.pl[62.21.55.239]: 554 Service unavailable; Client host [62.21.55.239] blocked using rbl-plus.mail-abuse.org; from=<dfhpjsqaomyq@es.oetiker.com> to=<rgehl@example.com> proto=SMTP helo=<c55-239.icpnet.pl> --- The new cfg looks like this: # smtpd_recipient_restrictions= ... reject_rbl_client activationcode.r.mail-abuse.com, .... (where "activationcode" is the special string that Trend sends you) # Add the command to check for a rbl_reply map. * rbl_reply_maps = hash:/$config_directory/rbl_reply Then create the rbl_reply map: activationcode.r.mail-abuse.com 550 Service unavailable; $rbl_class [$rbl_what] blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?; $rbl_reason} ....then postmap hash:rbl_reply, then reload postfix and it's supposed to fire right up. Thus far, however, I've put these different cfgs in place in the main.cf, created and postmapped the reply file, and there have been zero hits on this (compared to roughly one every 5-10 mins when using the old config). Any ideas where I may have gone wrong?

02/03/2006, 23h12	#2
Greg Hackney Messages: n/a Hébergeur:	Re: New MAPS RBL config w/ activation codes The first thing to do is to make sure that your server can query the RBL server. Usually the RBL site will have a test code for you to query on, such as 127.0.0.2 or 127.0.0.4. This is done on your end like this: $ nslookup 2.0.0.127.activationcode.r.mail-abuse.com A successful query to a valid test code will return a result like 127.0.0.4 or something similar. A failure will return NXDOMAIN. -- Greg pbeckhelm@gmail.com wrote: > Greetings folks, > > Wondering if anyone here is still using the MAPS RBL? They recently > stopped allowing DNS zone xfers and are forcing clients to use direct > lookups to their servers. Typically my postfix config (with zone > xfers) would look like this: > > smtpd_recipient_restrictions = > <snip> > reject_rbl_client rbl-plus.mail-abuse.org, > <snip> > > Mail was being rejected properly with the default RBL reply: > > mx03 postfix/smtpd[12565]: [ID 197553 mail.info] NOQUEUE: reject: RCPT > from c55-239.icpnet.pl[62.21.55.239]: 554 Service unavailable; Client > host [62.21.55.239] blocked using rbl-plus.mail-abuse.org; > from=<dfhpjsqaomyq@es.oetiker.com> to=<rgehl@example.com> proto=SMTP > helo=<c55-239.icpnet.pl> > > --- > > The new cfg looks like this: > > # smtpd_recipient_restrictions= > ... > reject_rbl_client activationcode.r.mail-abuse.com, > ... > > (where "activationcode" is the special string that Trend sends you) > > # Add the command to check for a rbl_reply map. > > * rbl_reply_maps = hash:/$config_directory/rbl_reply > > Then create the rbl_reply map: > > activationcode.r.mail-abuse.com 550 Service unavailable; $rbl_class > [$rbl_what] blocked using Trend Micro RBL+. Please see > http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?; > $rbl_reason} > > ...then postmap hash:rbl_reply, then reload postfix and it's supposed > to fire right up. > > Thus far, however, I've put these different cfgs in place in the > main.cf, created and postmapped the reply file, and there have been > zero hits on this (compared to roughly one every 5-10 mins when using > the old config). > > Any ideas where I may have gone wrong? >

03/03/2006, 06h34	#3
Greg Hackney Messages: n/a Hébergeur:	Re: New MAPS RBL config w/ activation codes > The new cfg looks like this: > > # smtpd_recipient_restrictions= > ... > reject_rbl_client activationcode.r.mail-abuse.com, Try smtpd_client_restrictions instead of smtpd_recipient_restrictions -- Greg

04/03/2006, 00h22	#4
setuidzero@gmail.com Messages: n/a Hébergeur:	Re: New MAPS RBL config w/ activation codes The devil, as usual, is in the details. I had been using "activationcode.r.mail-abuse.org" in my recipient restrictions section (instead of the .com noted in their config notes). That was the rub and once changed everything started humming along smoothly. roll eyes Thanks for the replies :-) Patrick

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email