Allowing PBL'ed IP addresses in Postfix
Hi, Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP? Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses. 2degrees have PBL'ed most/all of their cellular data IP addresses. I'm trying to support a user to send email from their cellphone email client. Cheers David
Ooof sorry David, I haven't had experience with that exactly. However I did have occasion to phone CallPlus once, and ask them to remove a client's static IP from their PBL. It was altogether an easy process: "Hi, one of my clients uses your broadband service, and they can't send outbound mail from their on-prem mail server." "Okay we'll just remove that IP from our PBL. It will take a few hours to replicate." ... that's it. It was a few years back now, but it was pretty straightforward. E -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es On Mon, 20 Jul 2020, at 22:03, David McNab wrote:
Hi,
Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP?
Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses.
2degrees have PBL'ed most/all of their cellular data IP addresses.
I'm trying to support a user to send email from their cellphone email client.
Cheers
David
_______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
Yep, it's all good as long as the IP is static. Big of an issue when the IP is inherently dynamic, eg when connecting from email client via cell data connection. Cheers David On 20/07/20 10:23 pm, Eric Light wrote:
Ooof sorry David, I haven't had experience with that exactly.
However I did have occasion to phone CallPlus once, and ask them to remove a client's static IP from their PBL. It was altogether an easy process:
"Hi, one of my clients uses your broadband service, and they can't send outbound mail from their on-prem mail server." "Okay we'll just remove that IP from our PBL. It will take a few hours to replicate."
... that's it. It was a few years back now, but it was pretty straightforward.
E
-------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es
On Mon, 20 Jul 2020, at 22:03, David McNab wrote:
Hi,
Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP?
Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses.
2degrees have PBL'ed most/all of their cellular data IP addresses.
I'm trying to support a user to send email from their cellphone email client.
Cheers
David
_______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
_______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
On Mon, 20 Jul 2020 22:03:23 +1200, David McNab wrote:
Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP?
Isn’t this a matter of the smtpd_sender_restrictions config option? I assume you have an entry in there that is applying the Policy Block List; simply put another entry before that one, that allows the sender to connect based on other criteria. <http://www.postfix.org/postconf.5.html>
Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP?
Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses.
2degrees have PBL'ed most/all of their cellular data IP addresses.
I'm trying to support a user to send email from their cellphone email client.
Angus contacted me with this: "Could let him know that the best way around ISP port 25 blocks is to have Postfix listen on SMTP Submission port 587. Bonus is encryption. If he wants to strip the originating mobile IP entirely... https://serverfault.com/questions/413533/remove-hide-client-sender-ip-from-p..." Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
On 31/07/20 8:11 pm, Peter Reutemann wrote:
Has anyone had experience with configuring Postfix to allow inbound client SMTP connections from NZ-based IP addresses that have been Policy Block Listed (PBL'ed) by their ISP?
Spark have PBL'ed most or all of their home and small business fibre/*DSL connection IP addresses.
2degrees have PBL'ed most/all of their cellular data IP addresses.
I'm trying to support a user to send email from their cellphone email client. Angus contacted me with this:
"Could let him know that the best way around ISP port 25 blocks is to have Postfix listen on SMTP Submission port 587. Bonus is encryption.
If he wants to strip the originating mobile IP entirely... https://serverfault.com/questions/413533/remove-hide-client-sender-ip-from-p..."
Cheers, Peter
My user was connecting to port 587. But, as it turns out, she had claimed to have entered the auth password, but in fact, did not. That's why *permit_sasl_authenticated* wasn't taking effect, leaving Postfix to consult the RBLs. A series of screenshots and patient narrative later, and she's sending/receiving just fine. D
participants (4)
-
David McNab -
Eric Light -
Lawrence D'Oliveiro -
Peter Reutemann