If you are administrating a mail server and use blacklists to block spam, sometimes you may have a problem with certain mail servers. This happens because a specific mail server was blacklisted. You can see that one server was blacklisted if you trace your maillog:
reject: RCPT from unknown[18.104.22.168]: 554 5.7.1 Service unavailable; Client host [22.214.171.124] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?126.96.36.199; from=<firstname.lastname@example.org> to=<email@example.com> proto=SMTP helo=<aimp.org>
In this example, the mail server 188.8.131.52 is blacklisted and therefore blocked (also in this case, message was spam and we won’t whitelist 184.108.40.206).
To whitelist servers, we need one file (for example /etc/postfix/rbl_whitelist) where we will list all IP addresses or host names marked for whitelist.
# nano /etc/postfix/rbl_whitelist
Every line should contain only one IP address or one hostname in next format
220.127.116.11 OK mail.mymail.com OK
Save file and then run:
# postmap /etc/postfix/rbl_whitelist
After you created whitelist in postfix format, open /etc/postfix/main.cf and search for the smtpd_recipient_restrictions parameter. Add
after reject_unauth_destination, but before the first blacklist.
Remember BEFORE the first blacklist or this won’t work.
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:/etc/postfix/rbl_whitelist, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
The lines shown above is only example. Please check all those blacklist because some of them are not active any more….
And finally reload postfix with
# service postfix restart
# /etc/init.d/postfix restart
Remember that smtpd_recipient_restrictions section mentioned above is just for reference. Please double check this blacklists before you use them. (Some of them doesn’t work any more). Especially if you find this post 3 years after I wrote it…