Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: rukiddin2
rukiddin2 Author
User level: Level 1
5 points

SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com

I never had this problem before, but recently I moved my server to a new location, and as I was testing all my DNS and other settings using www.DNSREPORT.com, the MAIL portion of the test is giving a FAIL due to the fact that the server times out before a response can be given. When I disable the Blacklist filters, the test passes fine.

When I test the blacklist with the SPAMHAUS method, it seems to work.

Does this test fail for everyone? or is this problem just mine? I still seem to get mail (seems slow though) when I have the blacklists enabled. I need to determine if I should keep the blacklists enabled, disable them, or is this something that could be running better and just needs reconfigured?

Any help would be appreciated (especially if someone else can tell me that their blacklists are enabled and they pass the DNSREPORT test)

Mike

PowerMac G4 500Mhz, Mac OS X (10.4.7)

Posted on Jul 14, 2006 4:13 PM

Reply
10 replies
User profile for user: rukiddin2
rukiddin2 Author
User level: Level 1
5 points

Jul 16, 2006 4:07 PM in response to rukiddin2

It's still failing.. (or at least timing out). The IP address is not listed as being bad at SPAMHAUS.

All the other listings on DNSREPORT are reporting back as perfectly fine. Not even a single warning. So my IP address, DNS Settings, etc. should all be correct.

The second I disable the black list filtering, the Mail portion of the DNS report passes (and does so extremely fast)

Could this be a performance issue? I'm running the server on a Power Mac G4 500Mhz, with 1GB of ram. Everything else seems fine, it's just the black list that isn't working.

Please, help me fix this. My junkmail has more than quadrupled since I disabled it.

Thanks

Mike
Reply
User profile for user: rukiddin2
rukiddin2 Author
User level: Level 1
5 points

Jul 16, 2006 10:13 PM in response to rukiddin2

Here it is.. feel free to tell me anything else you see that is wrong too.

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 0
mydestination = $myhostname,localhost.$mydomain,localhost,mail.jumico.com,10.1.1.125,64.58.179. 233,castlewoodholdings.com,jumico.com
mydomain = jumico.com
mydomain_fallback = localhost
myhostname = mail.jumico.com
mynetworks = 127.0.0.1/32,192.168.0.0/24,68.122.22.50/32,68.122.22.51/32,64.58.179.233/32,10 .1.0.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit_mynetworks reject rblclient sbl-xbl.spamhaus.org permit
smtpd pw_server_securityoptions = plain,login
smtpd recipientrestrictions = permit sasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpd sasl_authenable = yes
smtpd tls_keyfile =
smtpd use_pwserver = yes
unknown local_recipient_rejectcode = 550
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
Reply
User profile for user: davidh
davidh
User level: Level 4
1,890 points

Jul 17, 2006 7:44 PM in response to rukiddin2

well,

If your server is behind a Router/NAT, then why are you listing both the private (RFC 1918) address and the public one ? That won't work like you think.
http://www.faqs.org/rfcs/rfc1918.html

And why are we seeing 192.168.0.0/24 in mynetworks, after you've placed
10.1.1.125 in mydestination ?

mydestination should not have IP addresses in it.
mydestination = $myhostname, $mydomain, localhost.$mydomain, jumico.com, castlewoodholdings.com

see http://www.postfix.org/BASICCONFIGURATIONREADME.html#mydestination

Also, why are we seeing 68.122.22.50/32,68.122.22.51/32 in "mynetworks" when your server is at 64.58.179.233 ?

Besides, 68.122.22.50/32,68.122.22.51/32 is probably not what you intend.

How are you handling internal (private/LAN/RFC 1918) addressing re: DNS, vs. your public-facing IP ?
Reply
User profile for user: rukiddin2
rukiddin2 Author
User level: Level 1
5 points

Jul 20, 2006 12:28 PM in response to davidh

Here is the new and improved output from the postconf -n command. I think I've cleared up every issue you raised. I even added the proxy_interfaces = 64.58.179.233 command which I believe answers your last question.

The 68.122.22.51 address is a location of users that need to be able to send and recieve mail through the server. The 10.1.1.0/24 is the subnet behind a NAT/Router.

Everything appears to be working great EXCEPT the filters. the WWW.DNSREPORT.COM website still failes to connect to my mail server when I have any blacklist filter enabled.

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 0
mydestination = $myhostname,localhost.$mydomain,castlewoodholdings.com,jumico.com,mail.jumico.c om
mydomain = jumico.com
mydomain_fallback = localhost
myhostname = mail.jumico.com
mynetworks = 127.0.0.1/32,68.122.22.51/32,64.58.179.233/32,10.1.1.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 64.58.179.233
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit_mynetworks reject rblclient sbl-xbl.spamhaus.org permit
smtpd pw_server_securityoptions = none
smtpd recipientrestrictions = permit mynetworks,reject_unauthdestination,permit
smtpd sasl_authenable = no
smtpd tls_keyfile =
smtpd use_pwserver = no
unknown local_recipient_rejectcode = 550
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
Reply
User profile for user: rukiddin2
rukiddin2 Author
User level: Level 1
5 points

Jul 20, 2006 4:52 PM in response to davidh

While not giving the answer, enough clues were provided to where I finally solved my problem.

The link you provided mentioned that AT&T's DNS servers didn't allow blacklist lookups, so I decided to enable the DNS on the server itself, enable recursive lookups, and had it use itself as a DNS server, and BANG, everything worked! So it was my DNS provider that was causing all my issues. Go figure.

Just an FYI, the DNS provider was COX business services, so if anyone else has a similar problem and you use cox, now you know how to fix it.

Thanks for the help! Now to nail down my SMTP authentication issues...

Mike
Reply

SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up