I am not understanding something correctly. I'm using postscreen and noticed that a recently connected IP had was not marked as PASS OLD but rather PASS NEW. See log entires below
Aug 1 16:20:54 mta01 postfix/postscreen[41196]: CONNECT from [69.147.83.53]:56643 to [192.168.7.30]:25 Aug 1 16:20:54 mta01 postfix/postscreen[41196]: PASS OLD [69.147.83.53]:56643 Aug 1 20:09:04 mta01 postfix/postscreen[47296]: CONNECT from [69.147.83.53]:62038 to [192.168.7.30]:25 Aug 1 20:09:04 mta01 postfix/postscreen[47296]: PASS OLD [69.147.83.53]:62038 [root@mta01 /usr/local/etc/postfix]# [root@mta01 /usr/local/etc/postfix]# cat /var/log/maillog|grep 69.147.83.53 |grep postscreen Aug 2 02:27:48 mta01 postfix/postscreen[53165]: CONNECT from [69.147.83.53]:51188 to [192.168.7.30]:25 Aug 2 02:27:55 mta01 postfix/postscreen[53165]: NOQUEUE: reject: RCPT from [69.147.83.53]:51188: 450 4.3.2 Service currently unavailable; from=<owner-freebsd-questi...@freebsd.org>, to=<c...@balius.com>, proto=ESMTP, helo=<mx2.freebsd.org> Aug 2 02:27:55 mta01 postfix/postscreen[53165]: PASS NEW [69.147.83.53]:51188 Aug 2 02:27:55 mta01 postfix/postscreen[53165]: DISCONNECT [69.147.83.53]:51188 Aug 2 02:33:02 mta01 postfix/postscreen[53217]: CONNECT from [69.147.83.53]:57368 to [192.168.7.30]:25 Aug 2 02:33:02 mta01 postfix/postscreen[53217]: PASS OLD [69.147.83.53]:57368 Aug 2 02:11:39 mta01 postfix/master[2805]: reload -- version 2.9.1, configuration /usr/local/etc/postfix Aug 2 02:21:15 mta01 postfix/master[2805]: reload -- version 2.9.1, configuration /usr/local/etc/postfix [root@mta01 /usr/local/etc/postfix]# postconf -n|grep postscreen postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/maps/postscreen_access.cidr postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = yes postscreen_blacklist_action = enforce postscreen_client_connection_count_limit = 10 postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = sbl.spamhaus.org*1, xbl.spamhaus.org*1, pbl.spamhaus.org*1 postscreen_dnsbl_threshold = 1 postscreen_greet_action = enforce postscreen_greet_banner = "Welcome to our mail server" postscreen_greet_ttl = 7d postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = yes postscreen_pipelining_action = enforce postscreen_pipelining_enable = yes from just postconf postscreen_cache_retention_time = 7d Which I read to mean that the above IP should have had a life span of 7d inside the temp whitelist. Can any explain why it is listed as PASS NEW? Thank you, Chad
