I've added blocking by TLD to my setup. Right now, it blocks at helo checks.
It's working.
Looking at my logs, EVERY time I get a 'bad TLD' connection, there are always 2
similar reject entries, but only one CONNECT/PASS. For example:

Apr 4 19:55:38 mail01 postfix/postscreen[7444]: CONNECT from [74.63.250.84]:44441 to [198.51.100.29]:25
Apr 4 19:55:44 mail01 postfix/postscreen[7444]: PASS NEW [74.63.250.84]:44441
Apr 4 19:55:44 mail01 postfix/psint/smtpd[7450]: connect from g87d686d.darrylloves.science[74.63.250.84]
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: EHLO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: HELO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: disconnect from g87d686d.darrylloves.science[74.63.250.84] helo=0/1 ehlo=0/1 quit=1 commands=1/3

I'm not exactly sure why I'm getting one CONNECT and 2 REJECTs.
Everything seems to work fine otherwise. The bad TLDs are rejected OK. For mail
that does pass, I only get one delivered copy of the email.
Are there actually 2 connections from the sender? Or should I be looking for
something wrong in my configuration?
Jason
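
One way to check whether the two reject lines belong to one connection or two, as an added example that is not part of the original post: group the smtpd lines by process ID from connect to disconnect and record which SMTP command each reject answered. The function and pattern names are assumptions; the log text is copied from the post with line wrapping undone.

```python
import re

# Log excerpt copied from the post above, with e-mail line wrapping undone.
SAMPLE_LOG = """\
Apr 4 19:55:38 mail01 postfix/postscreen[7444]: CONNECT from [74.63.250.84]:44441 to [198.51.100.29]:25
Apr 4 19:55:44 mail01 postfix/postscreen[7444]: PASS NEW [74.63.250.84]:44441
Apr 4 19:55:44 mail01 postfix/psint/smtpd[7450]: connect from g87d686d.darrylloves.science[74.63.250.84]
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: EHLO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: HELO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: disconnect from g87d686d.darrylloves.science[74.63.250.84] helo=0/1 ehlo=0/1 quit=1 commands=1/3
"""

# Hypothetical helper patterns for this example (not Postfix code).
SMTPD = re.compile(r"postfix/(?:\S+/)?smtpd\[(\d+)\]: (.*)$")  # pid, message
REJECT = re.compile(r"NOQUEUE: reject: (\w+) from ")           # rejected command
STAT = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")                   # name=ok[/total]

def smtpd_sessions(log):
    """Return one dict per smtpd session (connect..disconnect), keyed by PID."""
    active, done = {}, []
    for line in log.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # postscreen and other services are not smtpd sessions
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            active[pid] = {"pid": pid, "client": msg[13:], "rejects": [], "stats": {}}
        elif pid in active:
            rej = REJECT.match(msg)
            if rej:
                active[pid]["rejects"].append(rej.group(1))
            elif msg.startswith("disconnect from "):
                sess = active.pop(pid)
                # Counters are accepted/attempted; a bare number means all accepted.
                for name, ok, total in STAT.findall(msg):
                    sess["stats"][name] = (int(ok), int(total or ok))
                done.append(sess)
    return done

if __name__ == "__main__":
    for s in smtpd_sessions(SAMPLE_LOG):
        print(s["pid"], s["client"], s["rejects"], s["stats"])
```

On this excerpt it returns a single session for smtpd[7450] whose rejects are EHLO followed by HELO, which lines up with the helo=0/1 ehlo=0/1 counters on the disconnect line.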