Posted by Most of spam email sent from public IP who did not have PTR/Reverse DNS. What is PTR/Reverse DNS, you can find more information from Wikipedia 😀 : https://en.wikipedia.org/wiki/Reverse_DNS_lookup
If you have Zimbra and want to enable PTR/Reverse DNS lookup for incoming, you can perform the following command
su - zimbra zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"
Please wait few minutes until Zimbra Postfix reload. Or you can also reloading Postfix manually 😉
Good luck and hopefully useful 🙂
Hi Iman,
i enabled DNS check but i want to receive email from server which does not configure reverse DNS. How can i do that ?
thanks
Hi,
you can whitelist specific IP address as mentioned from this guidance : https://wiki.zimbra.com/wiki/IP_Address_whitelisting
Hi Mas Iman ,
saya sudah coba membaca link wiki di atas , saya untuk penerapan di zimbra 8.7.11 , bagaimana untuk membuat exception untuk ip yang di reject karena reverse domain nya unknown tapi kita tau itu email yang valid cuman belum di konfigurasi dengan baik .. , terimakash bnyak sebelum nya mas
Hi mas,
Bisa coba panduan yang ini https://www.vavai.com/tips-zimbra-blacklist-rbl-whitelist-ip-tertentu/. Bisa ganti tulisan hash menjadi lmdb
terimaksih banyak mas iman atas advice nya , sudah saya coba terapkan , *berikut list konfigurasi saya:
zimbra@mail:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: check_policy_service inet:127.0.0.1:10031
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override
*list exception di file postfix_rbl_override :
#ip email pajak.go.id
103.28.106.55 OK
103.28.106.91 OK
103.28.106.9 OK
103.28.106.152 OK
103.28.106.90 OK
103.28.106.151 OK
SVR-EXCH-DEV-01.intranetdev.pajak.go.id OK
tapi masih ada ip atau domain yang saya masukan di rbl_override masih ke reject , mohon saran nya , terimakaish banyak sebelum nya mas iman
*log email yang di reject
Mar 12 08:16:34 mail postfix/smtpd[14716]: NOQUEUE: reject: RCPT from unknown[103.28.106.55]: 450 4.7.25 Client host rejected: cannot find your hostname, [103.28.106.55]; from= to= proto=ESMTP helo=
Hi mas,
Coba konfigurasikan baris check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override diposisi paling atas
Hi mas iman, terimaksih banyak atas respon nya , sudah saya coba posisikan di atas , baris check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override nya ,
zimbra@mail:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: check_policy_service inet:127.0.0.1:10031
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
tapi masih di reject mas email yang coba saya white list
Mar 17 09:13:58 mail postfix/smtpd[21290]: NOQUEUE: reject: RCPT from unknown[114.5.55.8]: 450 4.7.25 Client host rejected: cannot find your hostname, [114.5.55.8]; from= to= proto=ESMTP helo=
mohon saran nya, terimaksih banyak sebelum nya 🙂
Hi mas Aldy,
Hhmm, agak aneh sih mas. Mungkin bisa info ke Admin email pengirim agar dibuatkan PTR nya. Cara tersebut lebih aman dan rekomendasi menurut saya
Really thanks for these posts have served me a lot and work perfectly!!!.