On 6/4/2012 2:07 PM, james wrote: > We are seeing a message that I don't understand on our postfix servers > with postscreen enabled. Here is a rejection message from maillog when > a test tries to e-mail abuse@ address: > > 2012-06-04T12:45:23.773219-04:00 mx2 postfix/postscreen[4312]: > NOQUEUE: reject: RCPT from [174.133.202.226]:2860: 450 4.3.2 Service > currently unavailable; from=<>, to=<ab...@shambhala.com > <mailto:ab...@shambhala.com>>, proto=SMTP, helo=<test.DNSreport.com> > >
You enabled some "deep protocol" tests as documented: http://www.postfix.org/POSTSCREEN_README.html#after_220 This causes 4XX replies to clients not yet on the temporary whitelist as documented. If this does not suit you, please reread the documentation and make the necessary changes. Brian > Service currently unavailable doesn't make sense as a rejection > message. Is it referring to the postscreen service not being > available? I think it is setup correctly. Here is the setup of > master.cf and then main.cf > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/postscreen_access.cidr > postscreen_bare_newline_action = enforce > postscreen_bare_newline_enable = yes > postscreen_blacklist_action = enforce > postscreen_dnsbl_action = enforce > postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 > bl.spameatingmonkey.net*2 bl.spamcop.net*1 swl.spamhaus.org*-5 > list.dnswl.org*-5 hostkarma.junkemailfilter.com=127.0.0.1*-5 > postscreen_dnsbl_threshold = 3 > postscreen_greet_action = enforce > postscreen_non_smtp_command_enable = yes > postscreen_pipelining_enable = yes
