postscreen: DNSBL rank not seen in logs for some ip addresses

Wed, 16 Dec 2015 06:57:09 -0800 

hi-

i've become accustomed to seeing log passages like this:

>grep -iF '[142.4.19.85]:52366' mail.log
Dec 16 09:41:09 mta1 postfix/postscreen[27678]: CONNECT from [142.4.19.85]:52366 to [10.3.70.6]:25 Dec 16 09:41:15 mta1 postfix/postscreen[27678]: DNSBL rank 5 for [142.4.19.85]:52366 Dec 16 09:41:15 mta1 postfix/tlsproxy[29186]: CONNECT from [142.4.19.85]:52366 Dec 16 09:41:15 mta1 postfix/tlsproxy[29186]: Anonymous TLS connection established from [142.4.19.85]:52366: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Dec 16 09:41:15 mta1 postfix/postscreen[27678]: NOQUEUE: reject: RCPT from [142.4.19.85]:52366: 550 5.7.1 Service unavailable; client [142.4.19.85] blocked using zen.spamhaus.org; from=<glenb...@server.glenbishopenterprises.com>, to=<recipi...@example.com>, proto=ESMTP, helo=<server.glenbishopenterprises.com> Dec 16 09:41:15 mta1 postfix/postscreen[27678]: HANGUP after 0.54 from [142.4.19.85]:52366 in tests after SMTP handshake Dec 16 09:41:15 mta1 postfix/postscreen[27678]: DISCONNECT [142.4.19.85]:52366 
Dec 16 09:41:15 mta1 postfix/tlsproxy[29186]: DISCONNECT [142.4.19.85]:52366

but sometimes, the DNSBL rank seems to be absent:

>grep -iF '[104.47.32.71]:33498' mail.log.1
Dec 10 14:20:36 mta1 postfix/postscreen[32607]: CONNECT from [104.47.32.71]:33498 to [10.3.70.6]:25 Dec 10 14:20:42 mta1 postfix/tlsproxy[2980]: CONNECT from [104.47.32.71]:33498 Dec 10 14:20:42 mta1 postfix/tlsproxy[2980]: Anonymous TLS connection established from [104.47.32.71]:33498: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) Dec 10 14:20:42 mta1 postfix/postscreen[32607]: NOQUEUE: reject: RCPT from [104.47.32.71]:33498: 450 4.3.2 Service currently unavailable; from=<sen...@example.org>, to=<recipi...@example.com>, proto=ESMTP, helo=<NAM01-SN1-obe.outbound.protection.outlook.com> Dec 10 14:20:42 mta1 postfix/postscreen[32607]: HANGUP after 0.64 from [104.47.32.71]:33498 in tests after SMTP handshake Dec 10 14:20:42 mta1 postfix/postscreen[32607]: PASS NEW [104.47.32.71]:33498 
Dec 10 14:20:42 mta1 postfix/tlsproxy[2980]: DISCONNECT [104.47.32.71]:33498
Dec 10 14:20:42 mta1 postfix/postscreen[32607]: DISCONNECT [104.47.32.71]:33498 

is this expected?  if not, how can i determine why it's happening?

thanks
-ben

Reply via email to