My spam-trap script also sweeps the logs for misbehavior from connecting
hosts - non-SMTP commands, illegal pipelining, etc.

Two "misbehaves" earn an entry in postscreen_blacklist; and (when I
get around to it) two BLACKLISTED refusals will generate an iptables
entry. The blacklist entries die after a couple of days or so.

Allen C

On 11/02/16 05:25, Noel Jones wrote:
> On 2/10/2016 3:41 PM, Allen Coates wrote:
>> I have very similar problems.
>>
>> I was, however, thinking along the lines of a command-line executable (or
>> script), specifically to rescind a temporary white-list entry. I am
>> not very good at the "big picture" :-)
>>
>> Allen C
>>
>> On 10/02/16 17:35, Mike Coddington wrote:
>>> I had a problem with an IP address sneaking into Postscreen's whitelist. I 
>>> added the IP address to postscreen_access.cidr and set it to REJECT, as I 
>>> typically do with problem IP ranges. It seemed as though the temporary 
>>> whitelist was overriding my request to reject the mail though. I ended up 
>>> removing postscreen_cache.db and restarting Postfix. Is there a way to go 
>>> into that database and manually remove specific entries? Most of them are 
>>> fine, which is why I was sad to have to do the brute force technique that I 
>>> used.
>>>
>>> I’m guessing it’s not possible but figured I’d ask.
>
> Since it's fairly disruptive to alter the postscreen cache db -- it
> can only be done with postfix stopped -- a better and more practical
> solution is to add the offending clients to a regular old indexed
> check_client_access table.
>
> Changes to indexed tables (hash, cdb, btree, *sql) are picked up
> automatically by smtpd with minimal disruption to mail flow, and
> unless the offending client is making dozens (hundreds?) of
> connections per minute the overall performance difference is
> negligible.  In the case of a flood of connections, a firewall block
> is probably a better solution anyway.
>
> So the bottom line is that although it is possible to remove a
> client from the postscreen automatic whitelist cache, it's not worth
> the trouble.
>
>
>
>   -- Noel Jones
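
Added example, not part of any message in this thread: a sketch of the log sweep described in the top message, counting postscreen protocol violations per client, listing an address after two of them, and expiring entries after a lifetime. The `postfix/postscreen` log prefix, the two-day lifetime, the function names and the sample log lines are assumptions constructed for illustration; the output is in cidr-table form like the postscreen_access.cidr mentioned in the thread.

```python
import re
from collections import Counter

# postscreen protocol-violation log lines; syslog prefix is an assumption.
MISBEHAVIOUR = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(NON-SMTP COMMAND|COMMAND PIPELINING|BARE NEWLINE) "
    r"from \[([0-9A-Fa-f.:]+)\]:\d+"
)
THRESHOLD = 2        # "two misbehaves", as in the message above
TTL = 2 * 86400      # assumed value for "a couple of days or so"

def sweep(lines):
    """Count protocol violations per connecting client address."""
    hits = Counter()
    for line in lines:
        m = MISBEHAVIOUR.search(line)
        if m:
            hits[m.group(2)] += 1
    return hits

def update_blacklist(entries, hits, now):
    """entries maps address -> epoch seconds when it was listed.
    Drops expired entries, then lists clients at or over THRESHOLD."""
    kept = {ip: t for ip, t in entries.items() if now - t < TTL}
    for ip, n in hits.items():
        if n >= THRESHOLD:
            kept.setdefault(ip, now)   # keep the original listing time
    return kept

def render_cidr(entries):
    """Render entries as lines for a cidr: access table."""
    return [f"{ip}/{128 if ':' in ip else 32} reject" for ip in sorted(entries)]

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "Feb 10 17:35:01 mx postfix/postscreen[1234]: NON-SMTP COMMAND from [192.0.2.10]:51234 after CONNECT: GET / HTTP/1.1",
    "Feb 10 17:36:40 mx postfix/postscreen[1234]: COMMAND PIPELINING from [192.0.2.10]:51300 after HELO: MAIL FROM:<a@example.com>",
    "Feb 10 17:37:02 mx postfix/postscreen[1234]: BARE NEWLINE from [198.51.100.7]:40000 after HELO",
    "Feb 10 17:38:15 mx postfix/postscreen[1234]: PASS NEW [203.0.113.5]:2525",
]

if __name__ == "__main__":
    print("\n".join(render_cidr(update_blacklist({}, sweep(SAMPLE), now=0))))
```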
