• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

9.5.1 postfix bug submission 587 users subjected to rbl and fail

105547111

Silver Pleskian
Now all my mail clients can't connect over 587 as they get killed off my zen.spamhaus as they are on dynamic IP addresses.

port 587 should be excluded from RBLs

How do I modify master.cf to allow only submission on 587 through?

Its the update to 9.5.1 as the timestamp on master.cf has changed after the update and no one can send emails unless they on static IP.

Extract from master.cf

plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
mailman unix - n n - - pipe flags=R user=mailman:mailman argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
127.0.0.1:10025 inet n n n - - spawn user=mhandlers-user argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue
127.0.0.1:10026 inet n - - - - smtpd -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o receive_override_options=no_unknown_recipient_checks
127.0.0.1:10027 inet n n n - - spawn user=mhandlers-user argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote
plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6 dbpath=/plesk/passwd.db
smtps inet n - - - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.0.0.1:10025


Here is out of the mail log the user getting blocked:

Apr 17 13:40:11 server postfix/smtpd[20067]: NOQUEUE: reject: RCPT from unknown[124.170.47.58]: 554 5.7.1 Service unavailable; Client host [124.170.47.58] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=124.170.47.58; from=<xx@xxxxx> to=<xx@xxxx> proto=ESMTP helo=<localhost.localdomain>

The user is definitely using 587 and secure.
 
Last edited:
Hi Christopher,

I already modified the line order in main.cf of smtpd_client_restrictions to have all the RBL last, but I was missing permit_sasl_authenticated.

I added this and see if this fixes it.
 
Back
Top