on a linux instance of
postconf mail_version
mail_version = 3.10.2
postscreen's set up
postconf -n | grep -i postscreen | sort
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_allowlist_interfaces = static:all
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = ${_default_db_type}:${data_dir}/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_denylist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_allowlist_threshold = -1
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_min_ttl = 60s
postscreen_dnsbl_reply_map = pcre:${cfg_dir}/dnsbl_reply_map_postscreen.pcre
postscreen_dnsbl_sites = ${v_dqs}.zen.dq.spamhaus.net=127.0.0.[2..11]*20 ${v_dqs}.zen.dq.spamhaus.net=127.0.0.[12..255]*3 bl.spamcop.net*2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_greet_action = drop
postscreen_greet_banner = $smtpd_banner
postscreen_greet_wait = ${stress?{2}:{6}}s
postscreen_helo_required = yes
postscreen_pipelining_action = drop
logs (/var/log/postfix/postfix.log) routinely report postscreen doing its job
well at fending off 'pulses' of spammy connection attempts. e.g.,
2025-05-16T03:12:32.448285-04:00 mx postfix/qmgr[2192]: 4b00B33cBWz6b: removed
2025-05-16T03:36:16.529328-04:00 mx postfix/postscreen[42572]: CONNECT from [66.78.40.196]:51330 to [xx.xx.xx.xx]:25
2025-05-16T03:36:16.585348-04:00 mx postfix/dnsblog[42574]: addr 66.78.40.196 listed by domain bl.spamcop.net as 127.0.0.2
2025-05-16T03:36:16.681580-04:00 mx postfix/dnsblog[42575]: addr 66.78.40.196 listed by domain xx...xx.zen.dq.spamhaus.net as 127.0.0.3
2025-05-16T03:36:22.683247-04:00 mx postfix/postscreen[42572]: DNSBL rank 22 for [66.78.40.196]:51330
2025-05-16T03:36:22.683840-04:00 mx postfix/postscreen[42572]: DISCONNECT [66.78.40.196]:51330
2025-05-16T03:36:22.825789-04:00 mx postfix/postscreen[42572]: CONNECT from [66.78.40.196]:57930 to [xx.xx.xx.xx]:25
2025-05-16T03:36:22.826328-04:00 mx postfix/dnsblog[42574]: addr 66.78.40.196 listed by domain bl.spamcop.net as 127.0.0.2
2025-05-16T03:36:22.888596-04:00 mx postfix/dnsblog[42575]: addr 66.78.40.196 listed by domain xx..xx.zen.dq.spamhaus.net as 127.0.0.3
2025-05-16T03:36:28.890215-04:00 mx postfix/postscreen[42572]: DNSBL rank 22 for [66.78.40.196]:57930
2025-05-16T03:36:28.890801-04:00 mx postfix/postscreen[42572]: DISCONNECT [66.78.40.196]:57930
2025-05-16T03:36:29.045456-04:00 mx postfix/postscreen[42581]: CONNECT from [66.78.40.196]:40592 to [45.79.150.209]:25
2025-05-16T03:36:29.046023-04:00 mx postfix/dnsblog[42575]: addr 66.78.40.196 listed by domain bl.spamcop.net as 127.0.0.2
2025-05-16T03:36:29.072032-04:00 mx postfix/dnsblog[42574]: addr 66.78.40.196 listed by domain xx..xx.zen.dq.spamhaus.net as 127.0.0.3
2025-05-16T03:36:35.074231-04:00 mx postfix/postscreen[42581]: DNSBL rank 22 for [66.78.40.196]:40592
2025-05-16T03:36:35.074820-04:00 mx postfix/postscreen[42581]: DISCONNECT [66.78.40.196]:40592
2025-05-16T03:36:35.217217-04:00 mx postfix/postscreen[42572]: CONNECT from [66.78.40.196]:44432 to [xx.xx.xx.xx]:25
2025-05-16T03:36:35.217882-04:00 mx postfix/dnsblog[42575]: addr 66.78.40.196 listed by domain bl.spamcop.net as 127.0.0.2
2025-05-16T03:36:35.237824-04:00 mx postfix/dnsblog[42574]: addr 66.78.40.196 listed by domain xx..xx.zen.dq.spamhaus.net as 127.0.0.3
2025-05-16T03:36:41.239219-04:00 mx postfix/postscreen[42572]: DNSBL rank 22 for [66.78.40.196]:44432
2025-05-16T03:36:41.239597-04:00 mx postfix/postscreen[42572]: DISCONNECT [66.78.40.196]:44432
the number of attempts varies from any one IP -- from just one to hundreds.
atm, ALL logged. it gets noisy.
i understand that load on pf/dns is fairly low -- as postscreen cache should be
in use; server resources are certainly not taxed.
and, i know i can filter log output with grep or rsyslog.
can pf's logging config itself, for these connections, be directly quieted --
or at least better aggregated?
if so, how?
if not, nbd -- just an inconvenience.
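An added example, not part of the original post and not Postfix code: a Python script that collapses postscreen/dnsblog lines of the kind shown above into one summary line per client IP. It post-processes the log file and does not change what Postfix writes; the sample lines are constructed (documentation addresses) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown above (documentation addresses).
SAMPLE = """\
2025-05-16T03:12:32.448285-04:00 mx postfix/qmgr[2192]: 4b00B33cBWz6b: removed
2025-05-16T03:36:16.529328-04:00 mx postfix/postscreen[42572]: CONNECT from [192.0.2.10]:51330 to [198.51.100.5]:25
2025-05-16T03:36:16.585348-04:00 mx postfix/dnsblog[42574]: addr 192.0.2.10 listed by domain bl.spamcop.net as 127.0.0.2
2025-05-16T03:36:22.683247-04:00 mx postfix/postscreen[42572]: DNSBL rank 22 for [192.0.2.10]:51330
2025-05-16T03:36:22.683840-04:00 mx postfix/postscreen[42572]: DISCONNECT [192.0.2.10]:51330
2025-05-16T03:36:22.825789-04:00 mx postfix/postscreen[42572]: CONNECT from [192.0.2.10]:57930 to [198.51.100.5]:25
2025-05-16T03:40:01.000000-04:00 mx postfix/postscreen[42581]: CONNECT from [203.0.113.7]:40000 to [198.51.100.5]:25
"""

LINE = re.compile(r"^(\S+) \S+ postfix/(?:postscreen|dnsblog)\[\d+\]: (.*)$")
CONNECT = re.compile(r"^CONNECT from \[([^\]]+)\]:\d+ to ")
RANK = re.compile(r"^DNSBL rank (-?\d+) for \[([^\]]+)\]:\d+")
LISTED = re.compile(r"^addr (\S+) listed by domain (\S+) as (\S+)")

def summarize(lines):
    """Aggregate per client IP: connection count, highest DNSBL rank, lists, first/last seen."""
    out = defaultdict(lambda: {"connects": 0, "max_rank": None, "lists": set(),
                               "first": None, "last": None})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip non-postscreen lines such as qmgr
        ts, msg = m.groups()
        if (c := CONNECT.match(msg)):
            rec = out[c.group(1)]
            rec["connects"] += 1
            rec["first"] = rec["first"] or ts
            rec["last"] = ts
        elif (r := RANK.match(msg)):
            rec, rank = out[r.group(2)], int(r.group(1))
            rec["max_rank"] = rank if rec["max_rank"] is None else max(rec["max_rank"], rank)
        elif (d := LISTED.match(msg)):
            out[d.group(1)]["lists"].add(d.group(2))
    return dict(out)

def report(summary):
    """One line per client, noisiest first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["connects"])
    return [f"{ip} connects={r['connects']} max_rank={r['max_rank']} "
            f"lists={','.join(sorted(r['lists'])) or '-'} first={r['first']} last={r['last']}"
            for ip, r in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE.splitlines()))))
```

To run it over a real log, pass an open file handle to `summarize()` in place of the sample lines; each log record must be on a single line, as syslog writes it.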