After reading through the recent Postscreen DNSBL threads I decided to give it a try.
I used Rob's example from http://rob0.nodns4.us/postscreen.html as a leaping off point, but chose to leave pipelining disabled until I'm sure I understand what I have going on. I definitely see some mail coming in from the outside world being passed through, and I also see some being blocked by various RBLs which is great. I also see a few blocks that I can't identity the reason for. A specific example: tnelson@njmail:/var/log$ grep i...@opulum.us<mailto:i...@opulum.us> mail.log Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from [142.11.233.149]:21725: 450 4.3.2 Service currently unavailable; from=<i...@opulum.us<mailto:i...@opulum.us>>, to=<validu...@starpoint.com<mailto:validu...@starpoint.com>>, proto=ESMTP, helo=<dsc149.opulum.us<http://dsc149.opulum.us>> Service unavailable makes me think I have a problem with my config. Digging a little further: tnelson@njmail:/var/log$ grep 142.11.233.149 mail.log Apr 24 09:46:15 njmail postfix/postscreen[8764]: CONNECT from [142.11.233.149]:21725 to [192.168.6.66]:25 Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from [142.11.233.149]:21725: 450 4.3.2 Service currently unavailable; from=<i...@opulum.us<mailto:i...@opulum.us>>, to=<validu...@starpoint.com<mailto:validu...@starpoint.com>>, proto=ESMTP, helo=<dsc149.opulum.us<http://dsc149.opulum.us>> Apr 24 09:46:21 njmail postfix/postscreen[8764]: PASS NEW [142.11.233.149]:21725 Apr 24 09:46:21 njmail postfix/postscreen[8764]: DISCONNECT [142.11.233.149]:21725 Why is there a "PASS NEW" after the "NOQUEUE"? I'm obviously missing something, but I can't figure out what. Thanks for any help, Tony Nelson This is the config I've setup: # config originally from http://rob0.nodns4.us/postscreen.html postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_bare_newline_action = enforce postscreen_bare_newline_enable = yes postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map = pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre postscreen_dnsbl_threshold = 3 postscreen_dnsbl_sites = zen.spamhaus.org<http://zen.spamhaus.org>*3 b.barracudacentral.org<http://b.barracudacentral.org>*2 bl.spameatingmonkey.net<http://bl.spameatingmonkey.net>*2 dnsbl.ahbl.org<http://dnsbl.ahbl.org>*2 bl.spamcop.net<http://bl.spamcop.net> dnsbl.sorbs.net<http://dnsbl.sorbs.net> psbl.surriel.com<http://psbl.surriel.com> bl.mailspike.net<http://bl.mailspike.net> swl.spamhaus.org<http://swl.spamhaus.org>*-4 list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].0*-2 list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].1*-3 list.dnswl.org<http://list.dnswl.org>=127.[0..255].[0..255].[2..255]*-4 postscreen_greet_action = enforce postscreen_non_smtp_command_enable = yes ________________________________ Since 1982, Starpoint Solutions has been a trusted source of human capital and solutions. We are committed to our clients, employees, environment, community and social concerns. We foster an inclusive culture based on trust, respect, honesty and solid performance. Learn more about Starpoint and our social responsibility at http://www.starpoint.com/social_responsibility ________________________________ This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it.
