1 Topic by Richard.Horan (edited by Richard.Horan 2023-10-07 17:31:52)

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 9

Topic: How to whitelist domains? I can't get white listing to work.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.5
- Deployed with iRedMail Easy or the downloadable installer? downloaded
- Linux/BSD distribution name and version: Ubuntu 22.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Oct  6 10:38:58 mail postfix/postscreen[7893]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 4: bad address pattern: "verizon.com": skipping this rule
Oct  6 10:38:58 mail postfix/postscreen[7893]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 5: bad address pattern: "pcmatic.com": skipping this rule
Oct  6 10:38:58 mail postfix/postscreen[7893]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 6: bad address pattern: "xcitium.com": skipping this rule
Oct  6 10:38:58 mail postfix/postscreen[7893]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 7: bad address pattern: "mspalliance.com": skipping this rule

How do I fix this to whitelist these domains?  What am doing wrong?

In postcreen_access.cidr:

# Rules are evaluated in the order as specified.
#1.2.3.4 permit
#2.3.4.5 reject
verizon.com permit
pcmatic.com permit
xcitium.com permit
mspalliance.com permit
# Permit local clients
127.0.0.0/8 permit

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Richard.Horan (edited by Richard.Horan 2023-10-06 22:08:12)

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 9

Re: How to whitelist domains? I can't get white listing to work.

I created a file:
rbl_override with
verizon.com OK
pcmatic.com OK

#chown root:postfix rbl_override
#postmap rbl_override
and modified main.cf

smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    check_sender_access hash:/etc/postfix/rbl_override
    reject_unknown_sender_domain

I hope this works.

3 Reply by Richard.Horan

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 9

Re: How to whitelist domains? I can't get white listing to work.

Oct  7 05:26:33 mail postfix/postscreen[41582]: CONNECT from [63.27.6.26]:10400 to [172.24.1.159]:25
Oct  7 05:26:34 mail postfix/dnsblog[41584]: addr 63.27.6.26 listed by domain zen.spamhaus.org as 127.255.255.254
Oct  7 05:26:39 mail postfix/postscreen[41582]: PASS NEW [63.27.6.26]:10400
Oct  7 05:26:40 mail postfix/smtpd[41586]: warning: hostname ecrmout1-tpa.verizon.com does not resolve to address 63.27.6.26: Name or service not known
Oct  7 05:26:40 mail postfix/smtpd[41586]: connect from unknown[63.27.6.26]
Oct  7 05:26:41 mail postfix/smtpd[41586]: Anonymous TLS connection established from unknown[63.27.6.26]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct  7 05:26:42 mail postfix/smtpd[41586]: NOQUEUE: reject: RCPT from unknown[63.27.6.26]: 450 4.7.1 <wlnecrmtpasmtp01.verizon.com>: Helo command rejected: Host not found; from=<ecrm-bounces@ecrm-mail.verizon.com> to=<richard@horan.email> proto=ESMTP helo=<wlnecrmtpasmtp01.verizon.com>
Oct  7 05:26:48 mail postfix/smtpd[41586]: disconnect from unknown[63.27.6.26] ehlo=2 starttls=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=6/7

My fix does not work.  I am still unable to recieve emails from verizon.com.  The above is my maillog.  How do I fix this?

4 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 821

Re: How to whitelist domains? I can't get white listing to work.

did you even check the docs?

https://docs.iredmail.org/manage.iredapd.html

5 Reply by Richard.Horan (edited by Richard.Horan 2023-10-09 04:20:52)

  • Richard.Horan
  • Member
  • Offline
  • Registered: 2023-10-05
  • Posts: 9

Re: How to whitelist domains? I can't get white listing to work.

Cthulhu wrote:

did you even check the docs?

https://docs.iredmail.org/manage.iredapd.html

Thank you.  I hope that works  I use that whitlisting, but none of the rejected emails are going into spam/junk folders which is a concern regarding white/black listing.  How can I get it to send emails to spam/junk and not delete them?

6 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 821

Re: How to whitelist domains? I can't get white listing to work.

btw:

127.255.255.254 as spamhaus response means, that you are useing a public DNS to resolve and thus you get rejected, you cannot do that and use either your own resolver, or one of your providers

7 Reply by Cthulhu (edited by Cthulhu 2023-10-09 04:57:22)

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 821

Re: How to whitelist domains? I can't get white listing to work.

rejected mails get rejected, they are not deleted, they just never ever get accepted

aswell:

wlnecrmtpasmtp01.verizon.com

this hostname does not exist, don't know why verizon mailservers use invalid HELO