1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

9.5.1 postfix bug submission 587 users subjected to rbl and fail

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by 105547111, Apr 17, 2010.

  1. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Now all my mail clients can't connect over 587 as they get killed off my zen.spamhaus as they are on dynamic IP addresses.

    port 587 should be excluded from RBLs

    How do I modify master.cf to allow only submission on 587 through?

    Its the update to 9.5.1 as the timestamp on master.cf has changed after the update and no one can send emails unless they on static IP.

    Extract from master.cf

    plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
    mailman unix - n n - - pipe flags=R user=mailman:mailman argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
    127.0.0.1:10025 inet n n n - - spawn user=mhandlers-user argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue
    127.0.0.1:10026 inet n - - - - smtpd -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o receive_override_options=no_unknown_recipient_checks
    127.0.0.1:10027 inet n n n - - spawn user=mhandlers-user argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote
    plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6 dbpath=/plesk/passwd.db
    smtps inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_tls_wrappermode=yes
    submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025


    Here is out of the mail log the user getting blocked:

    Apr 17 13:40:11 server postfix/smtpd[20067]: NOQUEUE: reject: RCPT from unknown[124.170.47.58]: 554 5.7.1 Service unavailable; Client host [124.170.47.58] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=124.170.47.58; from=<xx@xxxxx> to=<xx@xxxx> proto=ESMTP helo=<localhost.localdomain>

    The user is definitely using 587 and secure.
     
    Last edited: Apr 17, 2010
  2. ChristopheP

    ChristopheP Guest

    0
     
  3. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Hi Christopher,

    I already modified the line order in main.cf of smtpd_client_restrictions to have all the RBL last, but I was missing permit_sasl_authenticated.

    I added this and see if this fixes it.
     
Loading...