After reading through the recent Postscreen DNSBL threads I decided to give it 
a try.

I used Rob's example from http://rob0.nodns4.us/postscreen.html as a leaping 
off point, but chose to leave pipelining disabled until I'm sure I understand 
what I have going on.

I definitely see some mail coming in from the outside world being passed 
through, and I also see some being blocked by various RBLs which is great.  I 
also see a few blocks that I can't identity the reason for.

A specific example:

tnelson@njmail:/var/log$ grep i...@opulum.us<mailto:i...@opulum.us> mail.log
Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from 
[142.11.233.149]:21725: 450 4.3.2 Service currently unavailable; 
from=<i...@opulum.us<mailto:i...@opulum.us>>, 
to=<validu...@starpoint.com<mailto:validu...@starpoint.com>>, proto=ESMTP, 
helo=<dsc149.opulum.us<http://dsc149.opulum.us>>

Service unavailable makes me think I have a problem with my config. Digging a 
little further:

tnelson@njmail:/var/log$ grep 142.11.233.149 mail.log
Apr 24 09:46:15 njmail postfix/postscreen[8764]: CONNECT from 
[142.11.233.149]:21725 to [192.168.6.66]:25
Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from 
[142.11.233.149]:21725: 450 4.3.2 Service currently unavailable; 
from=<i...@opulum.us<mailto:i...@opulum.us>>, 
to=<validu...@starpoint.com<mailto:validu...@starpoint.com>>, proto=ESMTP, 
helo=<dsc149.opulum.us<http://dsc149.opulum.us>>
Apr 24 09:46:21 njmail postfix/postscreen[8764]: PASS NEW [142.11.233.149]:21725
Apr 24 09:46:21 njmail postfix/postscreen[8764]: DISCONNECT 
[142.11.233.149]:21725

Why is there a "PASS NEW" after the "NOQUEUE"? I'm obviously missing something, 
but I can't figure out what.

Thanks for any help,
Tony Nelson


This is the config I've setup:

# config originally from http://rob0.nodns4.us/postscreen.html
postscreen_access_list =
   permit_mynetworks,
   cidr:/etc/postfix/postscreen_access.cidr

postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop

postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
        pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre

postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
        zen.spamhaus.org<http://zen.spamhaus.org>*3
        b.barracudacentral.org<http://b.barracudacentral.org>*2
        bl.spameatingmonkey.net<http://bl.spameatingmonkey.net>*2
        dnsbl.ahbl.org<http://dnsbl.ahbl.org>*2
        bl.spamcop.net<http://bl.spamcop.net>
        dnsbl.sorbs.net<http://dnsbl.sorbs.net>
        psbl.surriel.com<http://psbl.surriel.com>
        bl.mailspike.net<http://bl.mailspike.net>
        swl.spamhaus.org<http://swl.spamhaus.org>*-4
        list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].0*-2
        list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].1*-3
        list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].[2..255]*-4

postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes



________________________________
Since 1982, Starpoint Solutions has been a trusted source of human capital and 
solutions. We are committed to our clients, employees, environment, community 
and social concerns. We foster an inclusive culture based on trust, respect, 
honesty and solid performance. Learn more about Starpoint and our social 
responsibility at http://www.starpoint.com/social_responsibility

________________________________
This email message from Starpoint Solutions LLC is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message. Opinions, conclusions and other 
information in this message that do not relate to the official business of 
Starpoint Solutions shall be understood as neither given nor endorsed by it.

Reply via email to