Hi, I have an fc18 box with postfix-2.9.6 and have configured postscreen and sqlgrey to help with spam. I have postscreen_dnsbl_threshold set to 3, and have weighted several RBLs, and dnsblog logs the hits, but they don't seem to be being rejected:

Nov 1 04:30:45 mail03 postfix/postscreen[30264]: CONNECT from [157.56.120.101]:2142 to [68.195.193.45]:25
Nov 1 04:30:45 mail03 postfix/dnsblog[30271]: addr 157.56.120.101 listed by domain bl.spamcop.net as 127.0.0.2
Nov 1 04:30:45 mail03 postfix/dnsblog[30273]: addr 157.56.120.101 listed by domain dnsbl.sorbs.net as 127.0.0.6
Nov 1 04:30:45 mail03 postfix/dnsblog[30777]: addr 157.56.120.101 listed by domain b.barracudacentral.org as 127.0.0.2
Nov 1 04:30:45 mail03 postfix/dnsblog[30267]: addr 157.56.120.101 listed by domain list.dnswl.org as 127.0.3.0
Nov 1 04:30:45 mail03 postfix/postscreen[30264]: PASS OLD [157.56.120.101]:2142
Nov 1 04:30:46 mail03 postfix/smtpd[31256]: connect from emea01-db3-ndr.ptr.protection.outlook.com[157.56.120.101]
Nov 1 04:30:46 mail03 sqlgrey: grey: identified dynamic pattern (name): emea01-db3-ndr.ptr.protection.outlook.com, 157.56.120.101: Using full IP.
Nov 1 04:30:47 mail03 sqlgrey: grey: new: 157.56.120.101(157.56.120.101), [email protected] -> [email protected]
Nov 1 04:30:48 mail03 postfix/smtpd[31256]: NOQUEUE: reject: RCPT from emea01-db3-ndr.ptr.protection.outlook.com[157.56.120.101]: 450 4.7.1 <[email protected]>: Recipient address rejected: Greylisted for 5 minutes; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<emea01-db3-obe.outbound.protection.outlook.com>
Nov 1 04:30:48 mail03 postfix/smtpd[31256]: disconnect from emea01-db3-ndr.ptr.protection.outlook.com[157.56.120.101]

It's only sqlgrey that's terminating the connection, despite it being listed on plenty of blocklists.

I also have postscreen_dnsbl_reply_map configured, and whenever it hits the entry that's in the file to which it points, the IP is rejected:

Nov 1 05:58:28 mail03 postfix/postscreen[29123]: CONNECT from [109.154.161.145]:2696 to [68.195.193.45]:25
Nov 1 05:58:28 mail03 postfix/dnsblog[29124]: addr 109.154.161.145 listed by domain igrfg3cucjddwveo4lwl7kidl4.zen.dq.spamhaus.net as 127.0.0.11
Nov 1 05:58:28 mail03 postfix/dnsblog[29124]: addr 109.154.161.145 listed by domain igrfg3cucjddwveo4lwl7kidl4.zen.dq.spamhaus.net as 127.0.0.4
Nov 1 05:58:28 mail03 postfix/dnsblog[30406]: addr 109.154.161.145 listed by domain bl.spamcop.net as 127.0.0.2
Nov 1 05:58:28 mail03 postfix/dnsblog[29233]: addr 109.154.161.145 listed by domain b.barracudacentral.org as 127.0.0.2
Nov 1 05:58:28 mail03 postfix/dnsblog[29225]: addr 109.154.161.145 listed by domain bl.spameatingmonkey.net as 127.0.0.3
Nov 1 05:58:28 mail03 postfix/dnsblog[30442]: addr 109.154.161.145 listed by domain psbl.surriel.com as 127.0.0.2
Nov 1 05:58:28 mail03 postfix/dnsblog[29126]: addr 109.154.161.145 listed by domain dnsbl.sorbs.net as 127.0.0.6
Nov 1 05:58:28 mail03 postfix/dnsblog[29126]: addr 109.154.161.145 listed by domain dnsbl.sorbs.net as 127.0.0.10
Nov 1 05:58:28 mail03 postfix/dnsblog[30443]: addr 109.154.161.145 listed by domain bl.mailspike.net as 127.0.0.11
Nov 1 05:58:34 mail03 postfix/postscreen[29123]: DNSBL rank 11 for [109.154.161.145]:2696
Nov 1 05:58:34 mail03 postfix/postscreen[29123]: NOQUEUE: reject: RCPT from [109.154.161.145]:2696: 550 5.7.1 Service unavailable; client [109.154.161.145] blocked using multiple DNS-based blocklists; from=<[email protected]>, to=<[email protected]>, proto=ESMTP, helo=<host109-154-161-145.range109-154.btcentralplus.com>
Nov 1 05:58:34 mail03 postfix/postscreen[29123]: DISCONNECT [109.154.161.145]:2696

The contents of my postscreen_dnsbl_reply_map is:

!/^mykey\.dbl\.dq\.spamhaus\.net$/ multiple DNS-based blocklists

I've included below the output of my postconf. I'd sure appreciate any ideas you may have.

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 200
delay_warning_time = 4h
disable_vrfy_command = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks.pcre pcre:/etc/postfix/header_checks-jimsun.pcre
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 13312000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = mail01.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24, 68.XXX.YYY.40/29, 64.XXX.YYY.0/27, 206.XXX.YYY.45/32
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2 dnsbl.ahbl.org*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_whitelist_interfaces = static:all 172.XX.YY.160/32 64.XXX.YYY.0/24 206.XXX.YYY.45/32
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.9.6/README_FILES
relay_domains = $mydestination, $transport_maps, example.com
sample_directory = /usr/share/doc/postfix-2.9.6/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_access_blocklist
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, check_client_access hash:/etc/postfix/client_checks_special, check_sender_access hash:/etc/postfix/sender_checks_special, reject_non_fqdn_sender, reject_unlisted_recipient, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net, reject_rhsbl_sender mykey.dbl.dq.spamhaus.net, reject_rhsbl_helo mykey.dbl.dq.spamhaus.net check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:2501, check_client_access hash:/etc/postfix/client_checks, check_sender_access hash:/etc/postfix/sender_checks, check_recipient_access pcre:/etc/postfix/relay_recips_access, check_recipient_access pcre:/etc/postfix/property_recip_map, check_recipient_access pcre:/etc/postfix/recipient_checks, check_recipient_access pcre:/etc/postfix/bwi_relay_recip_checks, check_recipient_access pcre:/etc/postfix/relay_recips_ecartis, permit
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
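
An added example, not part of the original post: a Python sketch that applies the posted postscreen_dnsbl_sites weights to the dnsblog replies from the two sessions and sums a score to compare with postscreen_dnsbl_threshold. It assumes each configured entry counts once when any reply from its domain matches its filter (this reproduces the logged "DNSBL rank 11"); the function names are hypothetical, and the cached "PASS OLD" decision is not modelled.

```python
import re

# postscreen_dnsbl_sites and threshold as posted ("mykey" is the poster's placeholder).
SITES = """mykey.zen.dq.spamhaus.net*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2
dnsbl.ahbl.org*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net
swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4"""
THRESHOLD = 3

# dnsblog replies from the two sessions above, trimmed to the message part; the zen
# query domain is rewritten to the "mykey" placeholder used in the config (constructed).
REPLIES = """\
addr 157.56.120.101 listed by domain bl.spamcop.net as 127.0.0.2
addr 157.56.120.101 listed by domain dnsbl.sorbs.net as 127.0.0.6
addr 157.56.120.101 listed by domain b.barracudacentral.org as 127.0.0.2
addr 157.56.120.101 listed by domain list.dnswl.org as 127.0.3.0
addr 109.154.161.145 listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.11
addr 109.154.161.145 listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
addr 109.154.161.145 listed by domain bl.spamcop.net as 127.0.0.2
addr 109.154.161.145 listed by domain b.barracudacentral.org as 127.0.0.2
addr 109.154.161.145 listed by domain bl.spameatingmonkey.net as 127.0.0.3
addr 109.154.161.145 listed by domain psbl.surriel.com as 127.0.0.2
addr 109.154.161.145 listed by domain dnsbl.sorbs.net as 127.0.0.6
addr 109.154.161.145 listed by domain dnsbl.sorbs.net as 127.0.0.10
addr 109.154.161.145 listed by domain bl.mailspike.net as 127.0.0.11""".splitlines()

def parse_sites(spec):
    """Split each entry into (domain, reply filter or None, weight defaulting to 1)."""
    rx = re.compile(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?")
    parsed = (rx.fullmatch(item).groups() for item in spec.split())
    return [(dom.lower(), filt, int(w or 1)) for dom, filt, w in parsed]

def octet_ok(pat, val):
    """pat is a number or [a..b], optionally with ';'-separated alternatives."""
    parts = (p.partition("..") for p in pat.strip("[]").split(";"))
    return any(int(lo) <= val <= int(hi or lo) for lo, _, hi in parts)

def filter_matches(filt, reply):
    """No filter means any listing counts; otherwise compare the reply octet by octet."""
    pats = re.findall(r"\[[^\]]*\]|\d+", filt or "")
    return filt is None or all(octet_ok(p, int(o)) for p, o in zip(pats, reply.split(".")))

def dnsbl_score(client, lines, sites):
    """Sum the weight of every configured entry with at least one matching reply."""
    rx = re.compile(r"addr (\S+) listed by domain (\S+) as (\S+)")
    seen = [m.groups() for m in (rx.search(l) for l in lines) if m]
    return sum(w for dom, filt, w in sites
               if any(a == client and d.lower() == dom and filter_matches(filt, r)
                      for a, d, r in seen))
```

With the posted weights, 157.56.120.101 sums to 2 (the list.dnswl.org reply 127.0.3.0 matches the -2 entry), and 109.154.161.145 sums to 11.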
