Re: postscreen -> client hangup unexpectedly -> PASS NEW ?? ..odd?

Thu, 07 Apr 2011 20:29:40 -0700 

On 4/7/2011 9:41 PM, Amedeo Rinaldo wrote:


ciao a tutti ;)

i'm finally learning postscreen (..ahh.. find the time) and
i'm trying to fine tune the entire system.. and myself :)
I was wondering if the following behaviour is due to a
my-setup missing parameter or to a my mistake/misunderstanding
in reading the manual ..


before, some details:

#######################################################

- debian squeeze
- postfix 2.8.2

# postconf -n | egrep postscreen
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_greet_action = enforce
postscreen_greet_banner = pre-greet____please-wait
postscreen_greet_wait = ${stress?2}${stress:8}s
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes

#######################################################


now, logs lines of what i mean:


-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
Apr 8 03:28:46 mx20 postfix/postscreen[16419]: CONNECT from
[190.135.213.150]:18780


The client connects.


Apr 8 03:28:55 mx20 postfix/postscreen[16419]: NOQUEUE:
reject: RCPT from [190.135.213.150]:18780: 450 4.3.2 Service
currently unavailable; from=<no-reply...@job.de>,
to=<eb...@validdomain.com>, proto=ESMTP, helo=<anteldata.net.uy>



postscreen tests the connection and issues a reject with a 450 
"try again" code.  At this point, the client has done 
everything postscreen requires and testing is complete.



Apr 8 03:28:55 mx20 postfix/postscreen[16419]: HANGUP after
1.6 from [190.135.213.150]:18780 in tests after SMTP handshake


The client disconnects after the reject from postscreen.


Apr 8 03:28:55 mx20 postfix/postscreen[16419]: PASS NEW
[190.135.213.150]:18780


The client was well-behaved and was added to the PASS list.


Apr 8 03:28:55 mx20 postfix/postscreen[16419]: DISCONNECT
[190.135.213.150]:18780


postscreen ends the session.



Looks OK to me.  Consider adding some postscreen_dnsbl_sites 
such as zen.spamhaus.org to reject unwanted mail from sites 
that pass the protocol tests.



  -- Noel Jones






















					Reply via email to