Need help setting up Spamhaus

Did you have a look at my workaround? Spamhaus Config

mailcow communityDiscussion

Spamhaus Config

DocFraggle

44 3 Jul 30, 2023

It’s in German, but you’ll get what I’m doing there

fyi:
log was showing

error: open database /opt/postfix/conf/dnsbl_reply.map.db: No such file or directory

postmap /opt/postfix/conf/dnsbl_reply.map (in Container)

need to run afterwards to create the db

KaiserN yes, I wrote that in my workaround

looks like since postfix restarted by itself the following showed up in the log file, just a warning so no problem.

warning: database /opt/postfix/conf/dnsbl_reply.map.db is older than source file /opt/postfix/conf/dnsbl_reply.map

did u fixed it somehow? or just ignore and hope it will be fixed if mailcow fixed the spamhaus setup routine?

KaiserN did u fixed it somehow?

No, I didn’t even notice that yet
I’m confused, it seems I myself added the dnsbl_reply file to Mailcow with this Commit
mailcow/mailcow-dockerized9f39af4

So the only thing missing is creating the postmap file while/after deploying the container

ohh shiiiiit. il fucked up the file name in postmap guess… il added the .map to the end somehow

recreated, now i got

dnsbl_reply
dnsbl_reply.db
dnsbl_reply.map

KaiserN OK, there is a slight misunderstanding concerning the files

the dns_reply.map file is created while starting the Postfix container:

mailcow/mailcow-dockerizedblob/master/data/Dockerfiles/postfix/postfix.sh#L441-L449

It just contains the “normal” DQS config, which leads to not all tests being green.

In my workaround, I created an extra file named “dnsbl-reply-map ” (should use another name…) which contains the extra config:

XXXXXXXXXXXXXXXXXXXXX.sbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using sbl.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.xbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using xbl.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.pbl.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using pbl.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.sbl-xbl.dq.spamhaus.net=127.0.0.[2..255]  $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using sbl-xbl.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.zen.dq.spamhaus.net=127.0.0.[2..255]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using zen.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.dbl.dq.spamhaus.net=127.0.1.[2..99]       $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}
XXXXXXXXXXXXXXXXXXXXX.zrd.dq.spamhaus.net=127.0.2.[2..24]      $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using zrd.spamhaus.org${rbl_reason?; $rbl_reason}

This file has to be hashed with the posthash command before starting postfix AND it has to be referenced in the config via

rbl_reply_maps = hash:/opt/postfix/conf/dnsbl-reply-map

I just don’t have the time currently to implement it properly

The solution is: add the DQOS key to mailcow.conf, then create an extra.cf under /data/conf/postfix and add the following content there:
smtpd_recipient_restrictions =
reject_rhsbl_sender xxxxxxx.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_helo xxxxxxx.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_reverse_client xxxxxxx.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_sender xxxxxxx.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_helo xxxxxxx.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_reverse_client xxxxxxx.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rbl_client xxxxxxx.zen.dq.spamhaus.net=127.0.0.[2..255]

Sorry for my bad English