On 5 Apr 2016, at 10:08, Wietse Venema wrote:
jaso...@mail-central.com:
I've added blocking by TLD to my setup. Right now, it blocks at helo
checks.
It's working.
Looking at my logs, EVERY time I get a 'bad TLD' connection, there's
always 2 similar reject entries, but only one CONNECT/PASS. For
example:
Apr 4 19:55:38 mail01 postfix/postscreen[7444]: CONNECT from [74.63.250.84]:44441 to [198.51.100.29]:25
Apr 4 19:55:44 mail01 postfix/postscreen[7444]: PASS NEW [74.63.250.84]:44441
Apr 4 19:55:44 mail01 postfix/psint/smtpd[7450]: connect from g87d686d.darrylloves.science[74.63.250.84]
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: EHLO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: HELO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: disconnect from g87d686d.darrylloves.science[74.63.250.84] helo=0/1 ehlo=0/1 quit=1 commands=1/3
I'm not exactly sure why I'm getting one CONNECT and 2 REJECTs.

The client sent two RCPT TO commands. Why did it try the same
recipient twice? No idea, I didn't write the client code.

I think that's slightly wrong. There is no RCPT.
First rejection is of EHLO, second is of HELO. This is standard client
behavior if the rejection is not deferred to RCPT but actually being
done at EHLO/HELO time: EHLO gets rejected so HELO is (correctly) tried
instead.
With "smtpd_delay_reject = yes" this would be avoided because the
rejection would be deferred to RCPT time.
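
The EHLO-then-HELO fallback described above, as an added example that is not part of the original thread: a Python sketch that groups smtpd reject lines per session, so the two rejects are counted as one client. It assumes one smtpd process serves one client at a time (so the process id identifies the session between connect and disconnect); the function names are hypothetical and the sample input is the log from this thread, one entry per line.

```python
import re

# Sample input: the log entries quoted in this thread, unwrapped to one entry per line.
SAMPLE_LOG = """\
Apr 4 19:55:38 mail01 postfix/postscreen[7444]: CONNECT from [74.63.250.84]:44441 to [198.51.100.29]:25
Apr 4 19:55:44 mail01 postfix/postscreen[7444]: PASS NEW [74.63.250.84]:44441
Apr 4 19:55:44 mail01 postfix/psint/smtpd[7450]: connect from g87d686d.darrylloves.science[74.63.250.84]
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: EHLO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: HELO from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1 <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP helo=<g87d686d.darrylloves.science>
Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: disconnect from g87d686d.darrylloves.science[74.63.250.84] helo=0/1 ehlo=0/1 quit=1 commands=1/3
"""

# Matches smtpd lines, including ones behind a service prefix such as "psint/".
SMTPD = re.compile(r"postfix/(?:\S+/)?smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from \S*\[(?P<ip>[^\]]+)\]")
REJECT = re.compile(r"NOQUEUE: reject: (?P<stage>\S+) from \S*\[[^\]]+\]: (?P<code>\d{3})")

def sessions(log_text):
    """Return finished smtpd sessions, each with client IP and rejected stages in order."""
    open_sessions, done = {}, []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # postscreen and other daemons are not part of the smtpd session
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            open_sessions[pid] = {"ip": CONNECT.match(msg)["ip"], "stages": []}
        elif pid in open_sessions and (r := REJECT.match(msg)):
            open_sessions[pid]["stages"].append(r["stage"])
        elif pid in open_sessions and msg.startswith("disconnect from "):
            done.append(open_sessions.pop(pid))
    return done

def ehlo_helo_fallbacks(log_text):
    """Sessions where a rejected EHLO was retried as HELO: one client, two reject lines."""
    return [s for s in sessions(log_text) if s["stages"][:2] == ["EHLO", "HELO"]]

def reject_summary(log_text):
    """Return (reject log lines, distinct sessions that had at least one reject)."""
    rejected = [s for s in sessions(log_text) if s["stages"]]
    return sum(len(s["stages"]) for s in rejected), len(rejected)

if __name__ == "__main__":
    print(reject_summary(SAMPLE_LOG), ehlo_helo_fallbacks(SAMPLE_LOG))
```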