Mailing List Message #15590
From: Stefan Jeglinski <>
Subject: postfix and zen vs sbl-xbl
Date: Tue, 29 Apr 2008 15:06:34 -0400
To: SIMS Discussions <>
Not sure this list is still even on-line... but wondering if the collective wisdom of those that know postfix can help me out understanding this.

I'm using postfix, and if I use

smtpd_client_restrictions = reject_rbl_client

I get virtually 100% rejection, whereas sbl-xbl seems to work more in accordance with my expectations (blocks spam, not every_one). The difference is that zen includes the PBL, which is not a blacklist per se. Of course, you find it everywhere said that you should replace sbl-xbl with zen.

However, when I query any number of the connecting IPs that are rejected, spamhaus claims that those IPs are not listed on either SBL, XBL, or PBL. And yet, the rejection occurs anyway. For example:


and then the sender gets this back: does not like recipient.
Remote host said: 554 5.7.1 Service unavailable; Client host
[] blocked using
Giving up on


I'm certain this is due to a misunderstanding on my part of how the PBL works or is intended to work. Or perhaps postfix? I read the spamhaus discussion on when not to use zen:

a) if you are doing "deep" header analysis

b) if you are using a smarthost or provide SMTP AUTH outbound

My server is not an ISP - it's just the mail server for my company. As such, it does do SMTP AUTH outbound for my users, but I seemed to not have any issues with that and zen. I do no relaying, so I'm not a smarthost, AFAICT. I accept connections from authenticated users, and then of course any MTA that is trying to send me mail. How is it that the latter is at cross-purposes with the PBL?

This can't be that hard, because googling seems not to find a lot of what I am describing.

Feeling Duncey,

Stefan Jeglinski

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster