Current time: 11-17-2024, 12:36 PM Hello There, Guest! (LoginRegister)


Post Reply 
whitelisting poorly configured mail servers
Author Message
grungy Offline
Junior Member
*

Posts: 190
Joined: Dec 2006
Reputation: 6
Post: #1
whitelisting poorly configured mail servers
I have a client who needs to get mails from certain people that have poorly configured servers....the problem is they send mails from local server with dynamic ip address and non existent hostname:

Code:
Jul 21 19:15:31 emperor postfix/smtpd[7329]: NOQUEUE: reject: RCPT from 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86]: 550 5.7.1 <cleint@domain>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ms01.freighttransport.local, MTA hostname: 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86] (helo/hostname mismatch); from=<patrick.burnel@freighttransport.co.uk> to=<cleint@domain> proto=ESMTP helo=<MS01.freighttransport.local>


Is there a way to allow my client to receive mails from this poorly configured server...he keeps bugging me about how he is loosing money Smile

some kind of whitelist? searched the forum but did not find a way to whitelist a domain name, only ip address, which is dynamic so it does not help me at all...

tnx
(This post was last modified: 07-28-2008 07:59 PM by grungy.)
07-28-2008 07:59 PM
Visit this user's website Find all posts by this user Quote this message in a reply
grungy Offline
Junior Member
*

Posts: 190
Joined: Dec 2006
Reputation: 6
Post: #2
RE: whitelisting poorly configured mail servers
All guru is on holiday? Smile
07-29-2008 09:44 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #3
RE: whitelisting poorly configured mail servers
Well, maybe a bit late but you can use a postfix access map to skip policyd-weight & postgrey for this IP. I also have another access map where I can skip them on a per-recipient basis (when a customer explicitly requests it), and the config looks like this:

/etc/postfix/main.cf
Code:
...
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
+                             check_client_access    hash:/etc/postfix/client_whitelist,
+                             check_recipient_access hash:/etc/postfix/recipient_whitelist,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit
...

The /etc/postfix/client_whitelist (that must be postmapped everytime you change it) lists IP's or networks of whitelisted external servers, like:
Code:
192.168.0.1             OK
192.168.1.0/24        OK

The /etc/postfix/recipient_whitelist (also needs to be postmapped) lists recipients (single addresses or whole domains) that don't want policyd & postgrey enabled (paranoid customers that think they're loosing mails), like:
Code:
customer@domain.tld
domain.tld

That's it! Smile
08-09-2008 03:04 AM
Visit this user's website Find all posts by this user Quote this message in a reply
grungy Offline
Junior Member
*

Posts: 190
Joined: Dec 2006
Reputation: 6
Post: #4
RE: whitelisting poorly configured mail servers
Is there a way to whitelist a domain for followinf rules:

reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
08-16-2008 12:34 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: whitelisting poorly configured mail servers
As policyd-weight already checks the helo and hostname settings I've disabled this restrictions in postfix, so when I whitelist a server using the described method it also bypasses those checks...
08-18-2008 03:20 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)