* Wietse Venema <wie...@porcupine.org>: > Ralf Hildebrandt: > > Today I got this bounce from somebody whose mail had been rejected: > > > > <catalog-...@python.org>: Protocol error: host > > mail.python.org[82.94.164.166] refused to talk to me: > > 220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL > > > > It was quite hard finding this in my log, since the bounce from the > > french system only contained hostnames which would not resolve :( > > > > May I recommend that Postfix at least emits the IP in it's rejection > > message, e.g. like: > > > > 521 5.7.1 123.123.123.123 Blocked by DNSBL > > That would be redundant because Postfix already logs: > > Jun 16 00:00:55 spike postfix/postscreen[78055]: DNSBL rank 1 for 115.174.34.7
If all I have is the bounce from some remote system (which, like I said, contains only bullshit hostnames), then I cannot find the IP from that bounce, since the bounce only contains the Postfix message: "521 5.7.1 Blocked by DNSBL" (no IP there) I was only able to find the rejection based on that sender OTHER / PRIOR use email before the incident. I then had a IP range (not even a single IP!) which I could grep for in the log. Admittedly, this only happened ONCE and for an obscure DNSBL which I then removed from the config. > I will update the logging once postscreen has a built-in smtp-sink > engine that can log the client, helo, sender and recipient. In that case it would be sufficient, yes. > Once that is in place postscreen can have weighted DNSBLs and simplified > greylisting, and by then it becomes viable for the stable release. Again, that would be really cool. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
