# Postfix RBL



## skorpion2001 (27. Dez. 2009)

Guten Tag,
Ich habe folgendes Problem, in meiner Konfiguration von Postfix habe ich 3 RBL Server eingetragen, nur wird anscheinend keiner von dennen abgefragt.

Wie kann ich überprüfen ob diese abgefragt werden oder nicht.


----------



## Till (28. Dez. 2009)

Poste bitte mal die Zeilen aus der main.cf, wo Du sie eingetragen hast.


----------



## skorpion2001 (28. Dez. 2009)

Der einfach halber Poste ich mal die komplette Main.cf:

# LOCAL PATHNAME INFORMATION
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/local/postfix

# QUEUE AND PROCESS OWNERSHIP
mail_owner = postfix

# INTERNET HOST AND DOMAIN NAMES
myhostname = gundix.crw-home.lan
mydomain = crw-home.lan

# SENDING MAIL
#myorigin = $myhostname
myorigin = $mydomain

# RECEIVING MAIL
inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#local_recipient_maps = unixasswd.byname $alias_maps
local_recipient_maps =
unknown_local_recipient_reject_code = 550

# TRUST AND RELAY CONTROL
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

mynetworks = 127.0.0.0/8, 192.168.11.0/24

#relay_domains = $mydestination

# INTERNET OR INTRANET
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
relayhost = mail.crw.de

# set default db type to btree
default_database_type = btree

# ALIAS DATABASE
alias_maps = btree:/etc/aliases
alias_database = btree:/etc/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)
recipient_delimiter = +

mail_spool_directory = /var/spool/postfix/virtual

mail_restrict_map = proxy:mysql:/etc/postfix/mysql-virtual_restrictions.cf

proxy_read_maps =
   $local_recipient_maps,
   $mydestination,
   $virtual_alias_maps,
   $virtual_alias_domains,
   $virtual_mailbox_maps,
   $virtual_mailbox_domains,
   $virtual_mailbox_limit_maps,
   $relay_recipient_maps,
   $relay_domains,
   $canonical_maps,
   $sender_canonical_maps,
   $recipient_canonical_maps,
   $relocated_maps,
   $transport_maps,
   $mynetworks,
   $mail_restrict_map,
   $smtpd_recipient_restrictions

# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT
# You MUST specify $myhostname at the start of the text.
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
local_destination_concurrency_limit = 1
#default_destination_concurrency_limit = 20
maildrop_destination_recipient_limit = 1

# DEBUGGING CONTROL
debug_peer_level = 2
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

# INSTALL-TIME CONFIGURATION INFORMATION
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/share
sample_directory = /etc/postfix
readme_directory = no

transport_maps =
    proxy:mysql:/etc/postfix/mysql-transport.cf,
    pcre:/etc/postfix/static-transport.pcre
fax_destination_recipient_limit = 1

canonical_maps = btree:/etc/postfix/canonical

virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_uid_maps = static:910
virtual_gid_maps = static:910
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_transport = maildrop
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_limit.cf
virtual_overquota_bounce = yes
# virtual_mailbox_limit = 51200000
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes

# change queue_lifetime for MX backup server
bounce_queue_lifetime = 5d
maximal_queue_lifetime = 5d

# set max message size to 30 MB
message_size_limit = 30670000

relocated_maps = btree:/etc/postfix/relocated
sender_canonical_maps =

masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient

masquerade_domains = $mydomain
defer_transports =

disable_dns_lookups = no

strict_rfc821_envelopes = yes
smtpd_helo_required = yes

# restriction classes
smtpd_restriction_classes =
    restrictions_0,
    restrictions_1,
    restrictions_2,
    restrictions_3,
    restrictions_4,
    restrictions_5,
    restrictions_6,
    restrictions_7,
    restrictions_8,
    restrictions_9

restrictions_0 = permit_mynetworks

# reject codes: mailadress, reject on client access table ,not dns based hostname
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 450

# sender (user@domain.tld)/hostname (host.domain.tld) not fqdn; mailservers without reverse DNS entry
restrictions_1 =
    reject_unknown_client_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,

# use access list
restrictions_2 =
    check_client_access btree:/etc/postfix/access_client

restrictions_3 =
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,
    reject_unknown_client_hostname,
    check_client_access btree:/etc/postfix/access_client

# use dyn-clientlist filter
restrictions_4 =
    reject_non_fqdn_sender,
    reject_non_fqdn_hostname,
    reject_unknown_client_hostname,
    check_client_access pcre:/etc/postfix/access_dyn_clients.pcre,
    check_client_access btree:/etc/postfix/access_client

restrictions_5 =
    permit_mynetworks

restrictions_6 =
    permit_mynetworks

restrictions_7 =
    permit_mynetworks

restrictions_8 =
    permit_mynetworks

# block all external e-mails
restrictions_9 = REJECT

smtpd_helo_restrictions =

smtpd_sender_restrictions =

smtpd_client_restrictions =

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unlisted_recipient,
    reject_unauth_destination,
    check_client_access proxy:mysql:/etc/postfix/mysql-client_access.cf,
    check_recipient_access proxy:mysql:/etc/postfix/mysql-recipient_access.cf,
    check_sender_access proxy:mysql:/etc/postfix/mysql-sender_access.cf,
    reject_invalid_helo_hostname,
    check_client_access pcre:/etc/postfix/access_clientblocks.pcre,
    proxy:mysql:/etc/postfix/mysql-virtual_restrictions.cf,
    check_sender_mx_access proxy:cidr:/etc/postfix/bogus_mx.cidr,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    check_policy_service inet:127.0.0.2:10031,
    permit

smtpd_data_restrictions =
    permit_sasl_authenticated,
    check_client_access cidr:/etc/postfix/spam_check.cidr

milter_default_action = accept

smtpd_milters =

mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre
header_checks = pcre:/etc/postfix/header_checks.pcre
content_filter = scan:[127.0.0.2]:10025
receive_override_options = no_address_mappings

minimal_backoff_time = 300s


smtp_use_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = btree:/etc/postfix/smtp_auth
smtp_sasl_security_options =
smtp_sender_dependent_authentication = yes

#---------- SASL ----------------------------------------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#---------- TLS -----------------------------------------------------
tls_daemon_random_source         = dev:/dev/urandom
tls_random_source                = dev:/dev/urandom
tls_random_prng_update_period    = 3600s


----------



## Till (29. Dez. 2009)

Die smtpd_recipient_restrictions sehen soweit ok aus. Kannst Du denn die RBL Server anpingen. möglichwrweise hast Du ein Problem mit der DNS Auflösung.


----------



## skorpion2001 (29. Dez. 2009)

An der Namensauflösung liegt es nicht die Server sind anpingbar, es scheint mir als ob der Postfix erst gar nicht versucht die Server zu erreichen. Einen Versuch der Namensauflösung noch des Verbindungsaufbaues kann ich im Routerlog finden.


----------

