1 Topic by tech-otaku

  • tech-otaku
  • Member
  • Offline
  • Registered: 2019-10-22
  • Posts: 27

Topic: Unable to Whitelist Sender Address

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0 MYSQL edition
- Deployed with iRedMail Easy or the downloadable installer?Downloadable Installer
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro?No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

My mail server is rejecting mail from steve@site.techotaku.com with the message "Recipient address rejected: Blacklisted; from=<steve@site.techotaku.com> to=<steve@patchpeters.com>":

Feb  4 10:45:01 mail postfix/postscreen[25725]: CONNECT from [94.130.177.167]:53488 to [78.47.4.127]:25
Feb  4 10:45:01 mail postfix/postscreen[25725]: PASS OLD [94.130.177.167]:53488
Feb  4 10:45:01 mail postfix/smtpd[25728]: connect from static.167.177.130.94.clients.your-server.de[94.130.177.167]
Feb  4 10:45:01 mail postfix/smtpd[25728]: Anonymous TLS connection established from static.167.177.130.94.clients.your-server.de[94.130.177.167]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Feb  4 10:45:01 mail postfix/smtpd[25728]: NOQUEUE: reject: RCPT from static.167.177.130.94.clients.your-server.de[94.130.177.167]: 554 5.7.1 <steve@patchpeters.com>: Recipient address rejected: Blacklisted; from=<steve@site.techotaku.com> to=<steve@patchpeters.com> proto=ESMTP helo=<site.techotaku.com>
Feb  4 10:45:01 mail postfix/smtpd[25728]: disconnect from static.167.177.130.94.clients.your-server.de[94.130.177.167] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

I've tried to whitelist the sender address (from=<steve@site.techotaku.com>) with the following but none of them appear to work:

wblist_admin.py --account steve@patchpeters.com --add --whitelist steve@site.techotaku.com
wblist_admin.py --add --whitelist @site.techotaku.com
wblist_admin.py --add --whitelist 94.130.177.167

Now I'm not sure I'm reading the message "Recipient address rejected: Blacklisted; from=<steve@site.techotaku.com> to=<steve@patchpeters.com>" correctly. Is Postfix blacklisting the sender's address or the recipient's address?

If it's the recipients address, then why is it blacklisting a perfectly valid email address that exists on the mail server? If it's blacklisting the sender's address how can I successfully whitelist this sender?

I've read on this forum that /var/log/iredapd.log can help in solving this issue, but that log doesn't exist on my server.

Any help is greatly appreciated.

Regards, Steve.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by tech-otaku

  • tech-otaku
  • Member
  • Offline
  • Registered: 2019-10-22
  • Posts: 27

Re: Unable to Whitelist Sender Address

O.K. My bad. I was able to find the iredapd.log at /var/log/iredapd/iredapd.log. The relevant message from that log is

Feb  4 10:45:01 mail iredapd Reverse client hostname is blacklisted: .clients.your-server.de
Feb  4 10:45:01 mail iredapd [94.130.177.167] RCPT, steve@site.techotaku.com -> steve@patchpeters.com, REJECT Blacklisted [sasl_username=, sender=steve@site.techotaku.com, client_name=static.167.177.130.94.clients.your-server.de, reverse_client_name=static.167.177.130.94.clients.your-server.de, helo=site.techotaku.com, encryption_protocol=TLSv1.3, encryption_cipher=TLS_AES_256_GCM_SHA384, server_port=25, process_time=0.0150s]

So it appears the hostname '.clients.your-server.de' is blacklisted.

Is it possible to whitelist a hostname?

Regards, Steve.

3 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 826

Re: Unable to Whitelist Sender Address

The ptr points to a dynamic IP, it is blacklisted in /etc/postfix/helo_access.pcre

Just set a valid rDNS for 167.177.130.94

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: Unable to Whitelist Sender Address

- Reverse DNS (rDNS) name ".clients.your-server.de" is blacklisted in iRedAPD, you can find it in SQL table "iredapd.wblist_rdns".
- This rDNS name is offered by ISP and maps to dynamic IP. A (serious) mail server should has a static IP address and a static/valid rDNS name, otherwise it will be most DNSBL services treated as spammer.
- If your end user was sending email from this dynamic IP address, he/she should enable SMTP authentication in the MUA, then it will be passed for rDNS check and no blacklist at all.

The conclusion is: don't whitelist it. Just do nothing and let it be rejected.

5 Reply by tech-otaku

  • tech-otaku
  • Member
  • Offline
  • Registered: 2019-10-22
  • Posts: 27

Re: Unable to Whitelist Sender Address

Thank you to both.

I went with the advice from Cthulhu and set a valid PTR record for the sending server which worked despite emails being passed as SPAMMY as ZhangHuangbin had suggested.

Regards, Steve.

6 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 826

Re: Unable to Whitelist Sender Address

if it is marked as SPAMMY, what does the mail headers show?