Your SBL block is not working! - howto solve this spam milter error in your reject_rbl_client zen.spamhaus.org postfix configuration

How to test your spam block from zen.spamhaus.org

If ZEN is new to you, zen.spamhaus.org includes SBL, XBL and PBL

After setting up your enhanced postfix spam block using main.cf:

smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org

Your new configuration reject_rbl_client zen.spamhaus.org need to be tested. Crynwr Software operates a robot which can test DNS-based spam blocks. Hence login to your server - NOT your mail client in your desktop or laptop. Test mails must be initiated directly ON your server. Any mail will do, hence take ANY text file or create a text file with a line of any text - then save that file to whatever filename. Here I use testmail.txt as test file to test the spam block using http://www.crynwr.com/spam/ test robot.

Make sure you have your postfix restarted after making any changes to main.cf ! This is done by:
rcpostfix restart

Many ways to send a mail directly from the server while logged in by shell. cd to the directory of your testmail.txt, then enter in your shell the line:

cat testmail.txt | /usr/sbin/sendmail nelson-sbl-test@crynwr.com

Check your mail box. If your zen.spamhaus.org postfix configuration works, If so then the mail received reads among other text:

554 Service unavailable; Client host [192.203.178.107] blocked using zen.spamhaus.org

1. If you get however 2 eMails. The famous: Uh-oh, your SBL block is not working! and another giving you the full details of successful mail delivery. Then you have an easy to solve problem. If you still get have your SBL block not working,. then see next step.
2. postfix milters work in logical sequence. first milter first, second milter second, etc. To make life to my spiritual readers easier - I had first a number of permit rules to accept any mail coming from half way decent senders, fqdn, etc. Then the few permit rules are followed by the reject rules. As a result of this permit rules first in my main,cf the test mails sent to the test robots of http://www.crynwr.com/spam/ were accepted first and thus resulting in the test faillure. Hence to make such spam blacklists working, the reject rules need to be at the top of your smtpd_recipient_restrictions = list. After changing your postfix milter rules accordingly and another rcpostfix restart - my spam block test succeeded.

As you may know, in main.cf you may use either one filter per line or as shown in my below own postfix configuration one line for all smtpd_recipient_restrictions = postfix milter rules.

This first example of my configuration caused the reject_rbl_client zen.spamhaus.org to initially fail - note that this below italic code all is on ONE line!!

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject_unauth_destination, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org, reject

Placing the spamhaus.org block as showin below at the very beginning of my smtpd_recipient_restrictions = results in correct block by my mail server with the error 554 Service unavailable - blocked using zen.spamhaus.org:

smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject_unauth_destination, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_client_hostname, reject

With your initial test success, you may want to run the additional test mails for SBL, XBL and PBL as shown on the page crynwr.com spam block tests. Your Testing your PBL block and Testing your XBL block should now all result in a successful response mail: 554 Service unavailable; blocked using zen.spamhaus.org

Good luck

Love and Bliss

hans