Can't send mails from mobile devices / spamhaus

Discussion in 'Installation/Configuration' started by muelli75, Mar 28, 2022.

  1. muelli75

    muelli75 Member


    After I changed the yesterday according to the recommendations of Spamhaus,
    no more emails can be sent from mobile devices.

    From Thunderbird the message is:
    "Senden der Nachricht ist fehlgeschlagen
    Fehler beim Senden der Nachricht.
    Der Mail-Server antwortete:
    Client host 91.114.18X.XXX blocked using ZEN - see for details.
    Bitte überprüfen Sie die E-Mail Adresse des Empfängers "[email protected]" und wiederholen Sie den Vorgang."

    My (part of)

    smtpd_recipient_restrictions =
            reject_rbl_client [2..11],
            reject_rhsbl_helo [2..99],
            reject_rhsbl_helo [2..24],
        permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination,
        check_recipient_access proxy:mysql:/etc/postfix/, check_recipient_access mysql:/etc/postfix/, check_policy_service unix:private/quota-status
    rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map
    Mar 28 05:40:55 tesoro postfix/smtpd[2651]: connect from[]
    Mar 28 05:40:56 tesoro postfix/smtpd[2651]: NOQUEUE: filter: RCPT from[]: <office@XXX>: Sender address triggers FILTER lmtp:[]:10026; from=<office@XXXat> to=<[email protected]> proto=ESMTP helo=<[]>
    Mar 28 05:40:56 tesoro postfix/smtpd[2651]: NOQUEUE: reject: RCPT from[]: 554 5.7.1 Client host blocked using ZEN - see for details; from=<office@XXX> to=<[email protected]> proto=ESMTP helo=<[]>
    Mar 28 05:41:01 tesoro postfix/smtpd[2651]: lost connection after RCPT from[]
    Mar 28 05:41:01 tesoro postfix/smtpd[2651]: disconnect from[] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6
    After I researched, the references point to a missing/incorrect login to the server. But I can exclude Open Relay (mxtoolbox).

    If I remove the line
            reject_rbl_client [2..11],
    sending is possible. But this is not the goal.

    How do I configure the correctly so that I can send emails from mobile devices?

    Thanks for your help!
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Add the Spamhaus blacklist via ISPConfig instead.
    - Undo the current changes
    - In the panel, go to System -> Server Config -> -> Mail
    - Add the blacklists you want to add at the option "Real-time Blackhole List"
  3. muelli75

    muelli75 Member

    Thank you Th0m! That fixed.
    Th0m likes this.
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Note this works for that one entry because it uses reject_rbl_client, which is the same restriction list as ISPConfig will add; all the other lists use a different restriction lists and will not utilize the spamhaus lists correctly. The reason this change worked for you is because ISPConfig adds the "reject_rbl_client ..." after some other smtpd_recipient_list restrictions (permit_mynetworks, permit_sasl_authenticated, etc.) which allow the client to send - what you should do is keep the restriction lists they provided, but reorder your restrictions so authenticated clients aren't blocked, etc.

    You might also want to ensure your users send on port 465 or 587 and configure the smtpd_recipient_restrictions there (in for them to be able to send, and then leave the default smtpd_recipient_restrictions (in much more restrictive (port 25 is for server to server mail, not for authenticated clients).

Share This Page