I reviewed my logs today and I saw a lot of connections from a bunch of
MS outbound gateways before entering the "postgrey layer".
Once postscreen marked one of these gw PASS OLD postgrey put the message
in greylist (default 5 mins), but it expects another connection within
(better: after!) this time. This gw "disappeared" for 12 hours instead,
while another bunch of gateways hit my server.
I know somebody discourages the use of postscreen + postgrey. But I
don't understand those MS retries.
Here is my stripped log:
Nov 24 17:51:13 MAILSERVER postfix/postscreen[21231]: CONNECT from
[157.55.234.104]:45788 to [MAILSERVER]:25
Nov 24 17:51:20 MAILSERVER postfix/tlsproxy[21233]: CONNECT from
[157.55.234.104]:45788
Nov 24 17:51:20 MAILSERVER postfix/postscreen[21231]: NOQUEUE: reject:
RCPT from [157.55.234.104]:45788: 450 4.3.2 Service currently
unavailable; from=<user@ms>, to=<recipient@here>, proto=ESMTP,
helo=<emea01-db3-obe.outbound.protection.outlook.com>
Nov 24 17:51:20 MAILSERVER postfix/tlsproxy[21233]: DISCONNECT
[157.55.234.104]:45788
Nov 24 17:51:20 MAILSERVER postfix/postscreen[21231]: HANGUP after 0.21
from [157.55.234.104]:45788 in tests after SMTP handshake
Nov 24 17:51:20 MAILSERVER postfix/postscreen[21231]: PASS NEW
[157.55.234.104]:45788
Nov 24 17:51:20 MAILSERVER postfix/postscreen[21231]: DISCONNECT
[157.55.234.104]:45788
[...]
a lot of hit-and-run here...
[...]
Nov 25 08:55:19 MAILSERVER postfix/postscreen[31379]: CONNECT from
[157.55.234.104]:60673 to [MAILSERVER]:25
Nov 25 08:55:19 MAILSERVER postfix/postscreen[31379]: PASS OLD
[157.55.234.104]:60673
Nov 25 08:55:20 MAILSERVER postfix/smtpd[31381]: connect from
mail-db3on0104.outbound.protection.outlook.com[157.55.234.104]
Nov 25 08:55:20 MAILSERVER postgrey[3789]: action=pass, reason=triplet
found, delay=43449,
client_name=mail-db3on0104.outbound.protection.outlook.com,
client_address=157.55.234.104, sender=user@ms, recipient=recipient@here
Nov 25 08:55:20 MAILSERVER postfix/smtpd[31381]: 9E375E057:
client=mail-db3on0104.outbound.protection.outlook.com[157.55.234.104]
Nov 25 08:55:20 MAILSERVER postfix/smtpd[31381]: disconnect from
mail-db3on0104.outbound.protection.outlook.com[157.55.234.104]
12 hrs delay, but successfully delivered.
a.
Il 25/11/15 18:19, Steve Jenkins ha scritto:
On Wed, Nov 25, 2015 at 4:13 AM, ale@proto <alessan...@protodigital.net
<mailto:alessan...@protodigital.net>> wrote:
I thinks it's a good starting point, Steve.
And it's much better than doing it manually as I did :-)
Anyway... I rapidly tested delivery time from my office365 account:
- WL disabled: 15 hours
- WL enabled: just a few minutes
postgrey enabled.
Hi, Alessandro. I'd guess that 15 hours was a function of postgrey, and
not of anything native to Postfix (including Postscreen).
I don't run postgrey, and have been very satisfied with the combination
of Postscreen and some sensible smtpd_recipient_restrictions to block
the vast majority of misconfigured mailers trying to connect to my systems.
But regardless of your config, if it's working better for you, that's
awesome. :)
SJ
