
Whitelists not working

hgmichna

I am running Plesk 10.3 with postfix, but the defect has, as far as I can remember, always been there. I am currently more concerned with the whitelists, but the blacklists also do not work.

I have disabled the antivirus function, presumably DrWeb. I also do not use SpamAssassin. I rely on DNS blacklists, and apparently these catch 97% of all incoming spam.

I would like to use at least one sharper, faster blacklist like uceprotect, because that would catch at least another third of the remaining spam, but for that I need a whitelist, ideally one that works with mail addresses, rather than server IP addresses. But the latter would also be a reasonable solution.

Plesk offers two whitelist and blacklist combinations, one in the server-wide mail settings and one in the spam filter settings. For the latter please let me know whether they are actually meant to work, even if SpamAssassin is disabled. It would be nice if they did. It would also be nice if Plesk did not create the illusion of a functioning whitelist and blacklist, if, in fact, these functions are not working.

In any case the whitelist and the blacklist in the server-wide mail settings are defective. Superficial analysis appears to show that Plesk writes files in a .db format that postfix does not understand.

The following thread also mentions that the whitelist is not working as expected in relation to authentication on port 25: http://forum.parallels.com/showthread.php?t=108952
 
Thanks, but the description does not quite fit my situation. In my postfix main.cf file I have a parameter:

smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:...

This looks like it should be, but is a different parameter.

Then I have:

smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org, ...

That parameter does not have permit_mynetworks at all, neither at the beginning, nor at the end. I also have not changed these parameters manually, only through the Plesk web user interface. Thus my situation does not quite fit the error description.

I may be able to wait for Plesk 10.4, in the sure knowledge that this defect will be fixed in that next version. :)
 
The workaround is to manually edit the beginning of the smtpd_client_restrictions option in /etc/postfix/main.cf, adding permit_mynetworks:
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, reject_rbl_cli...
Plesk should honour this additional custom option and preserve it across the configuration changes.
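
The ordering check behind this workaround, as an added example that is not part of the original post or of Plesk: it reads main.cf text and reports whether permit_mynetworks comes before the first reject_rbl_client in smtpd_client_restrictions. The sample configuration, the DNSBL name dnsbl.example.org and all function names are constructed for illustration.

```python
import re

# Constructed sample main.cf fragment (not copied from the poster's server).
SAMPLE_MAIN_CF = """\
# written by the control panel
smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.example.org
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines the way Postfix does."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()  # leading whitespace continues a line
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later duplicate overrides an earlier one
    return params

def client_restriction_tokens(text):
    """Tokens of smtpd_client_restrictions, split on commas and whitespace."""
    value = parse_main_cf(text).get("smtpd_client_restrictions", "")
    return [t for t in re.split(r"[,\s]+", value) if t]

def permit_precedes_dnsbl(text, permit="permit_mynetworks"):
    """True when `permit` is evaluated before the first reject_rbl_client."""
    tokens = client_restriction_tokens(text)
    if "reject_rbl_client" not in tokens:
        return True  # no DNSBL lookup configured, so nothing can be rejected early
    return permit in tokens[:tokens.index("reject_rbl_client")]

def with_workaround(text, permit="permit_mynetworks"):
    """Return the smtpd_client_restrictions line with `permit` moved to the front."""
    tokens = [t for t in client_restriction_tokens(text) if t != permit]
    pairs, i = [permit], 0
    while i < len(tokens):
        # reject_rbl_client takes one argument; keep name and argument together
        step = 2 if tokens[i] == "reject_rbl_client" and i + 1 < len(tokens) else 1
        pairs.append(" ".join(tokens[i:i + step]))
        i += step
    return "smtpd_client_restrictions = " + ", ".join(pairs)

if __name__ == "__main__":
    print(permit_precedes_dnsbl(SAMPLE_MAIN_CF))
    print(with_workaround(SAMPLE_MAIN_CF))
```

Run it against a copy of /etc/postfix/main.cf after each change made through the Plesk interface to confirm the manually added entry is still first.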
 
Thanks again! I have done this, changed the DNSBL entries, and indeed the new first entry stays in place.

It would still be good if the next Plesk version put it there on its own.

How about the following request?

Plesk offers two whitelist and blacklist combinations, one in the server-wide mail settings and one in the spam filter settings. For the latter please let me know whether they are actually meant to work, even if SpamAssassin is disabled.

It would be nice if they did. It would also be nice if Plesk did not create the illusion of a functioning whitelist and blacklist, if, in fact, these functions are not working.
 
Of course white/black lists are supposed to actually work (checkboxes have been drawn in the interface not only for appearance). Is there an actual problem with enough details so we could investigate and act upon it?
 
Here I am talking about the blacklist at Settings, Spam Filter Settings, Blacklist. The blacklist is supposed to accept mail addresses including wildcard characters.

On my server this blacklist appears to be totally ineffective. Spam mails from addresses that are in the blacklist actually get through.

I am not sure which address the server checks. Is it the From address or the Sender address? Or the Reply-To address? Or any of them? But I have tried all of them and none has worked.

SpamAssassin is not working. I have not purchased a license key. I hope that SpamAssassin is not needed for the blacklist and whitelist.
 
Is there any workaround like adding a parameter to main.cf that makes postfix accept mail from authenticated users even if their IP is on a DNSBL (e.g. because it's dynamic)?

I have that problem, for example, on smartphones that come through a proxy of their mobile provider. Those proxies are almost every time on lists like sbl.spamhaus.org or xbl.spamhaus.org, which prevents them from sending mail from their mobile devices.

Thanks, Jörg
 