• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Input Whitelisting T-Online, GMX etc. by dnswl.org

Bitpalast

Plesk addicted!
Plesk Guru
Some well known Internet access providers use very few mail-out (sender) IPs for their SMTP servers. Normally, many of their SMTP servers are blacklisted, because of the millions of customers a few have been sending spam through them. When you are using a DNSBL like Spamcop in Plesk, mails from such providers will be blocked. As normally only a limited number of spam is actually coming from these providers, it can be a good idea to add the dnswl.org whitelist to the DNSBL service in your mail service.

This has been a Plesk feature request for many years listed here:
However, due to a very low vote count it has never been considered for implementation.

Anyway, while testing I found that it is easily possible to add list.dnswl.org to /etc/postfix/main.cf. The entry is maintained even through updates of the corresponding setting in Plesk GUI. When you add the entry to Posfix, the IPs of well known and normally reliable senders are excluded from blacklist tests, so that all the legitimate mail will pass. To add, simply modify /etc/postfix/main.cf

For example it could look similar to this after modification:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_dnswl_client list.dnswl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.someblacklist.org, reject_rbl_client someotherblacklist.org

Save the modification, then
# service postfix restart
and you are all set.
 
Last edited:
I have made the following settings for 2 servers since some months:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_dnswl_client list.dnswl.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client rbl.interserver.net, reject_rbl_client bl.0spam.org, reject_rbl_client bl.blocklist.de, reject_rbl_client multi.surbl.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client psbl.surriel.com, reject_rbl_client dnsrbl.swinog.ch, reject_rbl_client black. junkemailfilter.com, reject_rbl_client bl.suomispam.net, reject_rbl_client dnsbl.dronebl.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client all.s5h.net, reject_rbl_client bl.spamcop.net
So I've activated the whitelist and any blacklists. However, emails are still arriving that should actually be blocked. Just today, another email arrived with an IP address that appears in numerous blacklists listed above (not just one) and NOT in the whitelist of list.dnswl.org (check at Search dnswl.org data – dnswl.org). So, it should actually have been blocked. In the logs, I see that emails are still being blocked. So, the spam blocking is working, but unfortunately, it's not reliable. Without “permit_dnswl_client list.dnswl.org” too much is blocked, with “permit_dnswl_client list.dnswl.org” too little is blocked or is not blocked reliably.
Have anybody an idea to solve this problem?
 
Back
Top