A non-whitelisted client which hit both primary MX (.211) and 
secondary (.214) in proper sequence is getting deferred by 
postscreen, both times.

Oct 30 20:30:16 harrier postfix/postscreen[551]: CONNECT from [216.150.190.51]:35507 to [207.223.116.211]:25
Oct 30 20:30:22 harrier postfix/tlsproxy[570]: CONNECT from [216.150.190.51]:35507
Oct 30 20:30:23 harrier postfix/tlsproxy[570]: Anonymous TLS connection established from [216.150.190.51]:35507: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 30 20:30:23 harrier postfix/postscreen[551]: NOQUEUE: reject: RCPT from [216.150.190.51]:35507: 450 4.3.2 Service currently unavailable; from=<sen...@example.com>, to=<r...@example.net>, proto=ESMTP, helo=<laxcolpps03.suth.com>

But we still don't have the 'PASS NEW' logged. Two seconds go by; 
here's that same client on the secondary MX:

Oct 30 20:30:25 harrier postfix/postscreen[551]: CONNECT from [216.150.190.51]:37736 to [207.223.116.214]:25
Oct 30 20:30:25 harrier postfix/postscreen[551]: WHITELIST VETO [216.150.190.51]:37736

... getting the WHITELIST VETO.

Oct 30 20:30:31 harrier postfix/tlsproxy[570]: CONNECT from [216.150.190.51]:37736
Oct 30 20:30:31 harrier postfix/tlsproxy[570]: Anonymous TLS connection established from [216.150.190.51]:37736: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 30 20:30:31 harrier postfix/postscreen[551]: NOQUEUE: reject: RCPT from [216.150.190.51]:37736: 450 4.3.2 Service currently unavailable; from=<sen...@example.com>, to=<r...@example.net>, proto=ESMTP, helo=<laxcolpps03.suth.com>
Oct 30 20:30:32 harrier postfix/postscreen[551]: DISCONNECT [216.150.190.51]:37736
Oct 30 20:30:32 harrier postfix/tlsproxy[570]: DISCONNECT [216.150.190.51]:37736
Oct 30 20:30:32 harrier postfix/postscreen[551]: PASS NEW [216.150.190.51]:35507
Oct 30 20:30:32 harrier postfix/postscreen[551]: PASS NEW [216.150.190.51]:35507

... finally, our PASS NEW.

Oct 30 20:30:32 harrier postfix/postscreen[551]: DISCONNECT [216.150.190.51]:35507
Oct 30 20:30:32 harrier postfix/tlsproxy[570]: DISCONNECT [216.150.190.51]:35507

Is the problem because the client kept the connection open? If the 
'PASS NEW' had come at :23, this mail would not have been delayed.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
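
The timeline in the post, reconstructed per client: an added example (not part of the original message and not Postfix code) that parses postscreen log lines and reports, for each client IP, the 450 deferrals, the connections that logged WHITELIST VETO, and the seconds between the first deferral and PASS NEW. The sample lines are the post's own postscreen lines, unwrapped; the year is an assumed placeholder because syslog timestamps omit it, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Postscreen lines from the post, unwrapped (tlsproxy lines omitted). Helper names are hypothetical.
SAMPLE = """\
Oct 30 20:30:16 harrier postfix/postscreen[551]: CONNECT from [216.150.190.51]:35507 to [207.223.116.211]:25
Oct 30 20:30:23 harrier postfix/postscreen[551]: NOQUEUE: reject: RCPT from [216.150.190.51]:35507: 450 4.3.2 Service currently unavailable; from=<sen...@example.com>, to=<r...@example.net>, proto=ESMTP, helo=<laxcolpps03.suth.com>
Oct 30 20:30:25 harrier postfix/postscreen[551]: CONNECT from [216.150.190.51]:37736 to [207.223.116.214]:25
Oct 30 20:30:25 harrier postfix/postscreen[551]: WHITELIST VETO [216.150.190.51]:37736
Oct 30 20:30:31 harrier postfix/postscreen[551]: NOQUEUE: reject: RCPT from [216.150.190.51]:37736: 450 4.3.2 Service currently unavailable; from=<sen...@example.com>, to=<r...@example.net>, proto=ESMTP, helo=<laxcolpps03.suth.com>
Oct 30 20:30:32 harrier postfix/postscreen[551]: DISCONNECT [216.150.190.51]:37736
Oct 30 20:30:32 harrier postfix/postscreen[551]: PASS NEW [216.150.190.51]:35507
Oct 30 20:30:32 harrier postfix/postscreen[551]: DISCONNECT [216.150.190.51]:35507
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/postscreen\[\d+\]: "
    r"(?P<event>CONNECT from|WHITELIST VETO|PASS NEW|DISCONNECT|NOQUEUE: reject: RCPT from) "
    r"\[(?P<ip>[^\]]+)\]:(?P<port>\d+)(?P<rest>.*)$"
)

def parse(text, year=2000):
    """Yield (time, event, ip, port, rest) per postscreen line; year is an assumed placeholder."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["event"], m["ip"], int(m["port"]), m["rest"]

def summarize(text):
    """Per client IP: 450 deferrals, vetoed ports, and seconds from the first 450 to PASS NEW."""
    out = defaultdict(lambda: {"deferrals": [], "vetoed": [], "pass_new": None, "delay": None})
    for ts, event, ip, port, rest in parse(text):
        c = out[ip]
        if event.startswith("NOQUEUE") and rest.startswith(": 450 "):
            c["deferrals"].append((ts, port))   # one entry per deferred connection
        elif event == "WHITELIST VETO":
            c["vetoed"].append(port)
        elif event == "PASS NEW" and c["pass_new"] is None:
            c["pass_new"] = (ts, port)          # the connection whose tests completed
            if c["deferrals"]:
                c["delay"] = (ts - c["deferrals"][0][0]).total_seconds()
    return dict(out)

if __name__ == "__main__":
    for ip, c in summarize(SAMPLE).items():
        print(ip, "deferrals:", len(c["deferrals"]), "vetoed ports:", c["vetoed"],
              "PASS NEW on port:", c["pass_new"] and c["pass_new"][1], "delay(s):", c["delay"])
```

Run against a full mail log, clients with more than one deferral and a non-zero delay show the same pattern as the session above.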
