Hi,
When someone sends an email to our user they get this error.
554: Connection from IP address rejected for policy reasons. host found in DNS blacklist at dnsbl.sorbs.net
I mean we cannot get any email from yahoo.com or gmail.com domains. I think there should be some settings to disable "dnsbl.sorbs.net" control process.
I tried so many things starting this case but I could not solve my problem yet.
is there any suggestion what to do? to solve this issiue.
Regards
When someone sends an email to our user they get this error.
554: Connection from IP address rejected for policy reasons. host found in DNS blacklist at dnsbl.sorbs.net
I mean we cannot get any email from yahoo.com or gmail.com domains. I think there should be some settings to disable "dnsbl.sorbs.net" control process.
I tried so many things starting this case but I could not solve my problem yet.
is there any suggestion what to do? to solve this issiue.
Regards
In Firewall
Share this post:
Responses (14)
-
Accepted Answer
Just post a log snippet for one of the rejected e-mails between code tags.
You may also need to investigate postfix logging. It can be made much more verbose and you can restrict it to one or a few IP's. -
Accepted Answer
the first e-mail arrives a couple of minutes later after They send.
Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log
Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute.
I could not add my log file becuse of I am not allowed to upload txt or .log file -
Accepted Answer
the first e-mail arrives a couple of minutes later after They send.
Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log
Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute. -
Accepted Answer
the first e-mail arrives a couple of minutes later after They send.
Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log
Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute. -
Accepted Answer
the first e-mail arrives a couple of minutes later after They send.
Yes, they are bouncing back mentioning SORBS please find my last maillog file. I could not find any records about sorbs in my mail log
Mail sender server is yahoo.com I tried my own yahoo account to see the result If my problem is solved. I sent one mail in one minute. -
Accepted Answer
What are your mail logs showing for these e-mails.
Note that postgrey will give at least 5 min delay for the first sender/sender IP/recipient combination it receives unless the sender is whitelisted. It depends how often the sending server waits until it tries sending again after postgrey tells it to wait a bit.
Are the mails still bouncing back mentioning SORBS? -
Accepted Answer
still I could not solve my dnsbl.sorbs.net problem. It is still running
I tested then I saw that some e-mails from yahoo.com or gmail.com have not reached.
I don't understand for example I sent 5 emails from yahoo. I got 4 of 5. after a couple of minutes i tried more 5 emails. 2 of 5 have been reached.
I need to disable sorbs in ClearOS. -
Accepted Answer
-
Accepted Answer
Hi,
Graylisting is running. I have ClearOS 7.x installed with 2 MultiWAN which one of them stays offline because of unresolved problem
I have added lines"smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
then restarted postfix service. Good luck for me
but I have mail server in my network. are this settings correct according to my network and servers?
Thank You. -
Accepted Answer
That looks like you've just pinched my smtpd_recipient_restrictions line which you can't do directly. You need to enable the Greylisting app first then make the change. Also you now have an open relay which is a disaster (or may stop postfix from loading?).
If you want to use my line and have ClearOS 7.x, please also add a line:
or with ClearOS 6.x or 7.x add reject_unauth_destination before the reject_rbl_client zen.spamhaus.org line. Either one will stop the open relay.smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
-
Accepted Answer
Hi,
Here is the output of postconf -n after I updated main.cf as you mentioned
Note: Graylisting service is running but I did not change default settings of it. I am not sure how it works or It's related to dnsbl.sorbs.net ?
[root@gateway ~]# service postfix reload
Redirecting to /bin/systemctl reload postfix.service
[root@gateway ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = aysis.lcl
myhostname = aysis.lcl
mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 192.168.2.3, 192.168.2.12, 192.168.2.14
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains = $mydestination, aysis.org, cumhurata.eu, posta.aysis.org, mail.cumhurata.eu, standartkatiatik.com.tr
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
[root@gateway ~]# -
Accepted Answer
It is still in your lower clock of code! Or is that what it was originally? My original one was:
I would suggest you generally don't do spam blocking in smtpd_recipient_restrictions as it is black and white. I would leave it to spamassassin where you can give each blocklist a score. Have a look at how Joe Slow did it here, but note the post is old and not all the blocklists work any more. Also, if you look at his main.cf, be wary of some of the restrictions because I have found some of them to be over-tight.smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
My smtpd_recipient_restrictions read:
Note I've activated greylisting but I've changed the ordering. I only trust absolutely zen.spamhaus.org. Everything else is left to spamassassin.smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_invalid_hostname,
check_policy_service unix:/var/spool/postfix/postgrey/socket,
reject_unauth_pipelining,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org
After you think you've removed sorbs from main.cf and reloaded postfix, can you give the output to "postconf -n" -
Accepted Answer
Hi,
I have removed sorbs record from my main.cf then restarted the postfix service but nothing is changed.
I still do not know what to do
Orijinal Code
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client dnsbl.sorbs.net, permit
CHANGED to THIS
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_invalid_hostname,reject_unauth_pipelining,reject_rbl_client zen.spamhaus.org,reject_rbl_client truncate.gbudb.net,reject_rbl_client dnsbl.njabl.orgreject_rbl_client cbl.abuseat.orgreject_rbl_client bl.spamcop.net,reject_rbl_client dnsbl.sorbs.net,sleep 1,permit
-
Accepted Answer
Firstly this was a necro-bump of a thread nearly three years old and a very different subject. Really it would have been better to have started a new thread, so I've split it out.
The attachment is showing you are rejecting the e-mail because the sender was on a blacklist. This is correct. Can I suggest you do a blacklist check? It is up to Google to get the IP delisted.
If you want to open up your server you could change your spam policy not to discard spam.
I am not sure what is causing the SORBS check to happen as I have modified configs. I'll try and hunt it down.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »