Whitelist specific domain from Spamhaus SBLCSS

bond007 · July 18, 2022, 9:14pm

Hello,

I’ve searched for ‘SBLCSS’ on the forum but wasn’t able to find how I can whitelist domains in my MiaB installation from this Spamhaus query. I have a customer that mentioned a specific domain was blocked multiple times.

In the logs it states the following:
Jul 17 00:00:00 mail postfix/smtpd[8940]: NOQUEUE: reject: RCPT from <host>[<ipv6>]: 554 5.7.1 Service unavailable; Client host [<ipv6>] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from=<info@domain.tld> to=<mailbox@sample.tld> proto=ESMTP helo=<host>

How can I whitelist a specific domain? Thanks in advance!

openletter · July 18, 2022, 9:36pm

It’s one of these two lines in /etc/postfix/main.cf:

smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023

I think it’s smtpd_recipient_restrictions, so you 'd have to figure out a way to bypass the check for an address or domain.

According to postconf(5), smtpd_relay_restrictions is processed before smtpd_recipient_restrictions, so if you follow my unsupported modification guide on blocklists:

But instead add to /etc/postfix/sender_access using OK action:

username@example.com	OK
example.net				OK

I think postfix will accept the message for delivery.

bond007 · July 19, 2022, 8:50pm

Thanks, I have performed those suggested changes. I hope it helps, I’ll let you know when I hear from them.

system · August 28, 2022, 8:50pm

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.