If you are using pfBlocker NG, you might eventually end up receiving no more e-mails from Google's Gmail service, depending on which RBL lists you use. For example, spamcop is known to repeatedly block networks that host Gmail SMTP servers. This may be a problem for you, because everyone and their grandmother is using Gmail.
This solution will take considerably more work, now and in the future, but it will keep all your RBL lists intact.
But how do you get this list of IP addresses? Google uses hundreds if not thousands of outgoing SMTP servers to deliver e-mails and you never know which one hits our firewall. You will make use of SPF to compile a list of IP addresses that are currently allowed to send e-mails under the gmail.com domain. For this you will need a linux shell and dig installed. Let's see what's up with the SPF record of gmail.com:
# dig txt gmail.com | grep spf gmail.com. 594 IN TXT "v=spf1 redirect=_spf.google.com"
This appears to be a redirect to _spf.google.com, alright, let's look up google.com's SPF records:
# dig txt _spf.google.com | grep spf _spf.google.com. 599 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
Fantastic, even more redirects, so you have no other chance than looking up all of these:
# dig txt _netblocks.google.com | grep spf _netblocks.google.com. 1820 IN TXT "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all" # dig txt _netblocks2.google.com | grep spf _netblocks2.google.com. 2767 IN TXT "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all" # dig txt _netblocks3.google.com | grep spf _netblocks3.google.com. 3598 IN TXT "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all"
That is an absolutely shocking number of IP addresses, thanks Google for being so lazy on this one. So you will need to compile a list of all these, in our example you will need an IPv4 list (create another IPv6 list if both your firewall and your mailserver use IPv6 and you use IPv6 RBL lists for mail on PfBlocker NG):
IPv4
35.190.247.0/24 64.233.160.0/19 66.102.0.0/20 66.249.80.0/20 72.14.192.0/18 74.125.0.0/16 108.177.8.0/21 173.194.0.0/16 209.85.128.0/17 216.58.192.0/19 216.239.32.0/19 172.217.0.0/19 172.217.32.0/20 172.217.128.0/19 172.217.160.0/20 172.217.192.0/19 172.253.56.0/21 172.253.112.0/20 108.177.96.0/19 35.191.0.0/16 130.211.0.0/22
IPv6
2001:4860:4000::/36 2404:6800:4000::/36 2607:f8b0:4000::/36 2800:3f0:4000::/36 2a00:1450:4000::/36 2c0f:fb50:4000::/36
Updated on: Jan 19, 2020
So this is your custom list, create the RBL Alias exactly as explained in the first paragraph and do not forget force update. Once successful, again send e-mail from Gmail to your local e-mail address and in the end everything will be fine: