Prev-20 Home Next-20 6 msg DSN relay host 1 msg Restrict sender and from to one domain on outbo... 10 msg Outbound postfix routing issue Problem with Black List \ Sasa (7 May 2008) . \ Ralf Hildebrandt (7 May 2008) . \ Sasa (7 May 2008) . . \ Ralf Hildebrandt (7 May 2008) . . . \ Arturo 'Buanzo' Busleiman (7 May 2008) . . . \ mouss (7 May 2008) . . \ Sasa (8 May 2008) . . . \ Bill Cole (8 May 2008) . . . . \ mouss (8 May 2008) . . \ Sasa (9 May 2008) . . . \ mouss (9 May 2008) . . . \ Bill Cole (9 May 2008) . \ Sasa (7 May 2008) . \ Sasa (7 May 2008) . . \ mouss (7 May 2008) . . \ Bill Cole (7 May 2008) . \ Sasa (7 May 2008) . . \ mouss (7 May 2008) . \ Sasa (8 May 2008) . . \ mouss (8 May 2008) . \ Sasa (8 May 2008) . . \ Arne Hoffmann (8 May 2008) . . \ mouss (8 May 2008) . \ Sasa (8 May 2008) . . \ mouss (8 May 2008) 3 msg Looking at new mail server layout 26 msg why every minute: 'reload configuration /etc/po... 2 msg myhostname parameter 17 msg RBL problems with smarthost on private address ... 34 msg Backscatting filter? 3 msg how to setup postfix in 'deliver-only' mode? 7 msg Slow queue configuration 17 msg Some Windows SMTP Server have problems with STA... 5 msg For each check_ns or each check_mx, the value i... 4 msg postfix and spf 2 msg Password Validation in postfix 4 msg catching some spam with warn_if_reject and reje... 9 msg RFC: Check mail quota at a mail relay (backscat... 31 msg GPS vs GLD (greylisting) 3 msg Unmeant update from 2.2.10 to 2.5.1 27 msg mailq lockups Prev-20 Home Next-20

Prev-Msg Prev-Thread Postfix-users May-2008 Next-Thread Next-Msg Subject: Re: Problem with Black List Group: Postfix-users From: Sasa Date: 9 May 2008 Hi, so if I have understood correctly this resolution insn't good: [root@mail ~]# dig 157.15.174.81.cbl.abuset.org ; <<>> DiG 9.3.2 <<>> 157.15.174.81.cbl.abuset.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6185 ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;157.15.174.81.cbl.abuset.org. IN A ;; ANSWER SECTION: 157.15.174.81.cbl.abuset.org. 0 IN A 212.48.8.140 ;; Query time: 4184 msec ;; SERVER: 192.168.0.10#53(192.168.0.10) ;; WHEN: Fri May 9 21:41:56 2008 ;; MSG SIZE rcvd: 62 ..and this resolution is ok: [root@mail ~]# dig 157.15.174.81.cbl.abuset.org ; <<>> DiG 9.3.2 <<>> 157.15.174.81.cbl.abuset.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3438 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;157.15.174.81.cbl.abuset.org. IN A ;; AUTHORITY SECTION: org. 0 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2008158132 1800 900 604800 86400 ;; Query time: 89 msec ;; SERVER: 213.140.2.49#53(213.140.2.49) ;; WHEN: Fri May 9 22:28:16 2008 ;; MSG SIZE rcvd: 109 ..is correct my interpretation ? Thanks. ------ Salvatore. ----- Original Message ----- From: "Bill Cole" <postfixlists-070913> To: <postfix-users> Sent: Thursday, May 08, 2008 10:01 PM Subject: Re: Problem with Black List > At 9:00 PM +0200 5/8/08, Sasa wrote: >>Hi, unfortunately also for domain.it I am the postmaster ! >>Thanks. >> >>------ >> >> Salvatore. > > I think there may be some confusion grounded in the odd domain names, > which people may have assumed to be "munged" from their real names. Since > the MX for domain.it resolves to the same set of addresses as the A for > mx.test.it, I'm assuming that you haven't munged the domains and are > telling the truth. > > As postmaster, you should have access to all the hosts that act > as mail.test.it, as they are your mail exchangers. On whichever of those > machines actually rejected mail because of a bogus CBL hit, you should run > this command to look up the problem address in the CBL: > > dig 157.15.174.81.cbl.abuseat.org > > You should get a response something like this: > > > ; <<>> DiG 9.3.4 <<>> 157.15.174.81.cbl.abuseat.org > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20251 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;157.15.174.81.cbl.abuseat.org. IN A > > ;; AUTHORITY SECTION: > cbl.abuseat.org. 1200 IN SOA ns1-cbl.abuseat.org. > cbl.cbl.abuseat.org. 1210274309 3600 600 432000 1200 > > ;; Query time: 34 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Thu May 8 15:29:09 2008 > ;; MSG SIZE rcvd: 95 > > If you get an answer that does not have NXDOMAIN in the HEADER line and > has an ANSWER SECTION that includes A records showing something other than > 127.0.0.2 as the result, you are using a broken DNS server. > > You may be able to fix your problem while still using a broken DNS server > by specifying a result in your reject_rbl_client setting: > > reject_rbl_client cbl.abuseat.org=127.0.0.2 > > Anyone using a DNS resolver that they do not control or not paying very > close attention to the status of the DNSBL's they use should be specifying > results that way. Arguably, the default of treating any result in a DNSBL > lookup as a hit is a bug. ISP resolvers have increasingly been returning > bogus A records in place of NXDOMAIN in order to funnel web surfers to > their own advertising pages, and DNSBL zones can end up with wildcards > pointing to domain-vulture webservers, so taking any result as a hit is > dangerous. > > > > >>----- Original Message ----- From: "Arne Hoffmann" >><arne> >>To: <postfix-users> >>Sent: Thursday, May 08, 2008 7:46 PM >>Subject: Re: Problem with Black List >> >>>Sasa wrote: >>> >>>>Final-Recipient: rfc822; test >>>>Original-Recipient: rfc822;test >>>>Action: failed >>>>Status: 5.7.1 >>>>Remote-MTA: dns; mail.test.it >>>>Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host >>>> [81.174.15.157] blocked using cbl.abuseat.org >>> >>>Write a mail to postmaster and ask them to fix the problem. > > > -- > Bill Cole bill > > Prev-Msg Prev-Thread Postfix-users May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com