Since the upgrade to ispconfig 3.2 I cannot send any mails anymore. It seems that my mail server does not accept the mail because my IP address (at home) is on the blacklist of Spamhaus (My ISP, Provider). Error Mail-log: Code: Oct 22 13:52:22 server2 postfix/submission/smtpd[16487]: NOQUEUE: reject: RCPT from ip-777-777-777-777.net[777.777.777.777]: 554 5.7.1 Service unavailable; Client host [777.777.777.777] blocked using 2nsumfdkkjwhd02.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/777.777.777.777; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.223]> Before the update, the ip was also in spamhaus BL, but the server didn't check the sender. Where do I turn off the check? Thank you guys postconf -n Code: address_verify_negative_refresh_time = 60s address_verify_sender_ttl = 15686s alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases append_dot_mydomain = no biff = no body_checks = regexp:/etc/postfix/body_checks broken_sasl_auth_clients = yes compatibility_level = 2 dovecot_destination_recipient_limit = 1 enable_original_recipient = yes greylisting = check_policy_service inet:127.0.0.1:10023 header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix/html inet_interfaces = all inet_protocols = all mailbox_size_limit = 0 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 message_size_limit = 0 milter_default_action = accept milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_protocol = 6 mime_header_checks = regexp:/etc/postfix/mime_header_checks mydestination = server2.hostname.com, localhost, localhost.localdomain myhostname = server2.hostname.com mynetworks = 127.0.0.0/8 [::1]/128 myorigin = /etc/mailname nested_header_checks = regexp:/etc/postfix/nested_header_checks non_smtpd_milters = inet:localhost:11332 owner_request_special = no proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_s$ readme_directory = /usr/share/doc/postfix recipient_delimiter = + relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf relayhost = sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtp_dns_support_level = dnssec smtp_tls_exclude_ciphers = RC4, aNULL smtp_tls_protocols = !SSLv2,!SSLv3 smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_message_rate_limit = 100 smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client 2nsumfdkkjwhd02.zen.dq.spamhaus.net, reject_rbl_client bl.spamcop.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client mail.de.bl.blockli$ smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, permit smtpd_milters = inet:localhost:11332 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/m$ smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_restriction_classes = greylisting smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_exclude_ciphers = RC4, aNULL smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 tls_preempt_cipherlist = no transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf virtual_mailbox_base = /var/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
It's this line: Code: smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client 2nsumfdkkjwhd02.zen.dq.spamhaus.net, reject_rbl_client bl.spamcop.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client mail.de.bl.blockli$ Remove the part with: reject_rbl_client 2nsumfdkkjwhd02.zen.dq.spamhaus.net, More info here: https://www.howtoforge.com/hardening-postfix-for-ispconfig-3#dnsbl-dns-based-blacklistblocklist Another way is to whitelist your sending IP-address.
The uneditable rbl is a bug in 3.2, it will be fixed in 3.2.1. You can apply the fix suggested by @Taleman as a temporary workaround. Furthermore, @Jesse Norell mentioned the real problem
Are you sending on port 25? Ports 465 and 587 should be used for mail submission, they don't have the rbl checks.
Thank you, worked, mails sent again. Thank you, i edit the main.cf and waiting for 3.2.1 No using SSL on 993/587 Please Tag it as [Solved] Thanks for helping, i wanna spend a little amount of Euros, is there a Donation Button (Patreon or similar)
Good to hear. There is currently no donation button, but you can become a HowToForge subscriber: https://www.howtoforge.com/subscription/
