1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Whitelists not working

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by hgmichna, Jul 10, 2011.

  1. hgmichna

    hgmichna Basic Pleskian

    24
    23%
    Joined:
    Oct 3, 2008
    Messages:
    69
    Likes Received:
    0
    Location:
    Munich, Germany
    I am running Plesk 10.3 with postfix, but the defect has, as far as I can remember, always been there. I am currently more concerned with the whitelists, but the blacklists also do not work.

    I have disabled the antivirus function, presumably DrWeb. I also do not use SpamAssassin. I rely on DNS blacklists, and apparently these catch 97% of all incoming spam.

    I would like to use at least one sharper, faster blacklist like uceprotect, because that would catch at least another third of the remaining spam, but for that I need a whitelist, ideally one that works with mail addresses, rather than server IP addresses. But the latter would also be a reasonable solution.

    Plesk offers two whitelist and blacklist combinations, one in the server-wide mail settings and one in the spam filter settings. For the latter please let me know whether they are actually meant to work, even if SpamAssassin is disabled. It would be nice if they did. It would also be nice if Plesk did not create the illusion of a functioning whitelist and blacklist, if, in fact, these functions are not working.

    In any case the whitelist and the blacklist in the server-wide mail settings is defective. Superficial analysis appears to show that Plesk writes files in a .db format that postfix does not understand.

    The following thread also mentions that the whitelist is not working as expected in relation to authentication on port 25: http://forum.parallels.com/showthread.php?t=108952
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,571
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    I have informed developers. Let's wait their answer.
     
  3. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,571
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  4. hgmichna

    hgmichna Basic Pleskian

    24
    23%
    Joined:
    Oct 3, 2008
    Messages:
    69
    Likes Received:
    0
    Location:
    Munich, Germany
    Thanks, but the description does not quite fit my situation. In my postfix main.cf file I have a parameter:

    smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:...

    This looks like it should be, but is a different parameter.

    Then I have:

    smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org, ...

    That parameter does not have permit_mynetworks at all, neither at the beginning, nor at the end. I also have not changed these parameters manually, only through the Plesk web user interface. Thus my situation does not quite fit the error description.

    I may be able to wait for Plesk 10.4, in the sure knowledge that this defect will be fixed in that next version. :)
     
  5. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,571
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Workaround is to manually edit beginning of smtpd_client_restrictions option in /etc/postfix/main.cf manually adding permit_mynetworks
    smtpd_client_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, reject_rbl_cli...
    Plesk should honour this additional custom option and preserve it across the configuration changes.
     
  6. hgmichna

    hgmichna Basic Pleskian

    24
    23%
    Joined:
    Oct 3, 2008
    Messages:
    69
    Likes Received:
    0
    Location:
    Munich, Germany
    Thanks again! I have done this, changed the DNSBL entries, and indeed the new first entry stays in place.

    It would still be good if the next Plesk version put it there on its own.

    How about the following request?

    Plesk offers two whitelist and blacklist combinations, one in the server-wide mail settings and one in the spam filter settings. For the latter please let me know whether they are actually meant to work, even if SpamAssassin is disabled.

    It would be nice if they did. It would also be nice if Plesk did not create the illusion of a functioning whitelist and blacklist, if, in fact, these functions are not working.
     
  7. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,571
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Of course white/black lists are supposed to actually work (checkboxes have been drawn in the interface not only for appearance). Is there an actual problem with enough details so we could investigate and act upon it?
     
  8. hgmichna

    hgmichna Basic Pleskian

    24
    23%
    Joined:
    Oct 3, 2008
    Messages:
    69
    Likes Received:
    0
    Location:
    Munich, Germany
    Here I am talking about the blacklist at Settings, Spam Filter Settings, Blacklist. The blacklist is supposed to accept mail addresses including wildcard characters.

    On my server this blacklist appears to be totally ineffective. Spam mails from addresses that are in the blacklist actually get through.

    I am not sure which address the server checks. Is it the From address or the Sender address? Or the Reply-To address? Or any of them? But I have tried all of them and none has worked.

    SpamAssassin is not working. I have not purchased a license key. I hope that SpamAssassin is not needed for the blacklist and whitelist.
     
  9. jhuedder

    jhuedder New Pleskian

    22
    73%
    Joined:
    Sep 23, 2004
    Messages:
    24
    Likes Received:
    0
    Is there any workaround like adding a parameter to main.cf that makes postfix accepting mail from authenticated users even if their IP is on a DNSBL (e.g. because it's dynamic)?

    I have that problem fpr example on smartphones that come through a proxy of their mobile provider. Those proxies are almost every time on lists like sbl.spamhaus.org or xbl.spamhaus.org which prevents them from sending mail from their mobile devices.

    Thanks, Jörg
     
    Last edited: Jul 11, 2011
  10. hgmichna

    hgmichna Basic Pleskian

    24
    23%
    Joined:
    Oct 3, 2008
    Messages:
    69
    Likes Received:
    0
    Location:
    Munich, Germany
Loading...