Need someone to check their mail.log for me please

[RandomUsername]

Here's the deal; I've been running my B2 as a mail server for over a year now pretty much as it came out of the box. I've not given it much thought, "It just works".

However, the other day a family member mentioned that an email she sent to me got rejected so since then I've been scrutinising my logs a bit (hence a couple of similar questions from me regarding logs in the last few days).

Anyway, I've seen in my mail.log quite a few emails rejected because the default install has address verification set up against a few RBLs - something I wasn't aware of until I starting poking around.

Since then, I've seen a couple of false positives in my logs (along with lots of genuine rejects for spam).

Most rejected email messages look similar to this:

Code: Select all

Apr  7 05:57:53 server postfix/smtpd[14485]: NOQUEUE: reject: RCPT from unknown[190.156.38.198]: 554 5.7.1 Service unavailable; Client host [190.156.38.198] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?190.156.38.198; from=<[email protected]> to=<myemail> proto=ESMTP helo=<Dynamic-IP-19015638198.cable.net.co>

Now, I've two problems with this:

1. The vast majority of rejected emails come from the SORBS RBL but when I open the link in the log I can never get the information as to why it's blocked (it doesn't accept my captha responses, couldn't create an account) and;

2. They all have "Service unavailable" in them

So what service is unavailable? The RBL? I found a mailing list discussion that suggested that Postfix may reject emails if it can't access an RBL but that's just stupid and most people on the list agreed this isn't the default behaviour.

So if anyone's got any ideas and could also see if they get similar entries in their logs I'd be grateful.

Ta.

Darren.

[DanielM]

Well, actually, I don't need to check my logs to answer your question

I experienced the same problem some months ago. A friend sent mail from hotmail to me and I never got it. I commented out the dnsbl.sorbs.net from /etc/postfix/main.cf. I don't want any false positives in my mail filtering...

/Daniel

[Ubi]

yeah sorbs can be a bit difficult to work with, as there are no clear lines who gets listed or delisted (it's like the 4chan of mail filters). I removed dnsbl.sorbs from my production mailing servers (500 domains, about 2000 mail addresses ). What does work is the dul.sorbs.list, which contains dialup / dsl ip ranges. These people should not be operating mail servers, and the chance of spam from these ranges is near 100%.

at the moment my main.cf has
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,

This combination seems to work really well. In fact, I get hosting requests just for how solid my spam filtering works.

Ubi

[DanielM]

at the moment my main.cf has
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,

Thanks a lot for the tips! I've been starting to get spam lately. Let's hope it stops now

Btw, what about dnsbl.njabl.org? Is it any good?

/Daniel

[RandomUsername]

Thanks guys. After posting I found a few less than complimentary articles about SORBS so had already decided to remove it from my main.cf.

Any comments about the "service unavailable" part?

[RandomUsername]

Bah, I just knocked up the beginnings of a script that would add my google contacts to a whitelist in postfix to stop as many false positives. Got it all running on my Ubuntu box but when it came to installing GoogleCL on my Bubba 2 I got into dependency hell. Specifically the version of Python is too old. Come on Excito!

If any of you B3 owners are interested, I'll try to knock up a wiki page.