1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Bug: DNSBL checks supersede SMTP-AUTH

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by goebelmeier, May 5, 2009.

  1. goebelmeier

    goebelmeier Guest

    Hey folks,

    i just migrated from Plesk 8.6.0 to 9.2.1 (and from qmail to postfix too) and had to recognize that every incoming email is checked against DNSBL. In my opinion this should only be done if there is no AUTH request sent by client. I had to remove all DNSBL blocking dynamic IPs to let my customers send email again.

    Are there any other fixes yet, which allow me to enable my favourite blacklists again?

    Regards, Timo
  2. albans

    albans Regular Pleskian

    Nov 29, 2005
    Likes Received:

    If you're using postfix, it's pretty easy to correct.
    Check this post: http://forum.parallels.com/showthread.php?t=85930&highlight=postfix
    It concerns /etc/postfix/main.cf

    If you're using qmail, you've to enable another SMTP port (587) for sending email with no RBL checks. It can be done via the Plesk control panel, under "mail server settings".
  3. sbillis

    sbillis Basic Pleskian

    Mar 2, 2007
    Likes Received:

    I don't think that this is a bug. I also came across this when using SSL (I'm using qmail with tcp-env) and told my users to either:
    a) Use their ISP mail relay host.
    b) Get a fixed IP address or stop sending spam from their fixed IP address.

    This is a very useful feature as it helps stop the flow of spam across the internet. Consider this... you have a customer who signs up with you and all is well for a few days.... They become infected with a trojan and are turned into a spam bot. All mail from their IP address is blocked except via your server. You get a rep as a spam relay.

    If you want to examine further the arguments that are passed to tcp-env by xinetd see (for example) /etc/xinet.d/smtps_psa

    As the post above also states, using the SMTP submission port also negates the DNSBL checks.
    Last edited: May 5, 2009
  4. goebelmeier

    goebelmeier Guest