Smtpd check with zen.spamhaus.org

[Kai Schaetzl]

Carlo Granisso wrote on Mon, 26 Jan 2009 11:20:25 +0100:

> smtpd_recipient_restrictions = reject_unknown_address,

invalid postfix option

> reject_invalid_hostname, reject_non_fqdn_hostname,
> reject_unknown_sender_domain, reject_non_fqdn_sender,
> reject_unknown_sender_domain, reject_non_fqdn_recipient,

duplicate

> reject_unknown_recipient_domain, permit_mynetworks,
> reject_unauth_destination, reject_invalid_hostname,
> reject_unauth_pipelining,

usually not useful in this context

reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname, reject_rbl_client list.dsbl.org,

this list is dead since long.

> reject_rbl_client cbl.abuseat.org,

included in zen, you may want to check the other RBLs for duplicats as well. 
You *should* also check the effectiveness. Querying an RBL 10.000 times for 5 
additional rejects is a waste. As a general rule of thumb I recommend not to 
use more than two or three RBLs at MTA.

reject_rbl_client dul.dnsbl.sorbs.net,
> reject_rbl_client zen.spamhaus.org, reject_rhsbl_client
> blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com,

this list is dead since long.

Honestly, and in a friendly voice, your config looks a bit like you 
"assembled" and combined various options and RBLs from various "how to" 
sources without really knowing about them and never maintaining it since 
then.

As to your original question and assuming DSBL is not returning wildcard 
results, there are two possible reasons:
- there are no matches found
- you are blocked at spamhaus
- a timeout in the chain?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com