On Sun, Jun 05, 2011 at 09:21:21AM -0400, Wietse Venema wrote:
> /dev/rob0:
> > On Fri, Jun 03, 2011 at 01:09:28PM -0400, Wietse Venema wrote:
> > > postscreen_whitelist_interfaces matters only for clients that
> > > are not yet whitelisted (or that have expired).
> >
> > Issue: previously whitelisted client gets WHITELIST VETO on
> > secondary
>
> Of course, being whitelisted once is NOT a free pass forever.
>
> Check your postscreen_mumble_ttl settings.

All at defaults:

rob0@cardinal:~$ /usr/sbin/postconf | grep '^postscreen_.*_ttl'
postscreen_bare_newline_ttl = 30d
postscreen_dnsbl_ttl = 1h
postscreen_greet_ttl = 1d
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_ttl = 30d

A little more log searching suggests that this was probably an
expiration of postscreen_dnsbl_ttl. The previous connect was:

Jun 5 00:50:47 cardinal postfix/postscreen[14788]: PASS OLD [174.37.3.121]:58603

and indeed on the secondary MX address. The one I posted hit the
primary at 01:50:46, with PASS OLD at 01:50:52, then it hit the
secondary at 01:50:53. If the one-hour timer started at 00:50:47,
this makes sense.

Just a semi-interesting little fluke, I guess. Another almost-
interesting fact is that this client makes an attempt every hour, as
if a cron job is running at :50 to try to flush the queue of the
undoubtedly many undeliverable mails they have. :)

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header