Hello,
could you help me to understand this behavior in postcreen?
I see:
2016-05-20T15:49:13.988843+02:00 mx postfix/postscreen[32210]: PASS NEW
[157.56.110.148]:29046
2016-05-20T15:49:13.828110+02:00 mx postfix/postscreen[32210]: NOQUEUE:
reject: RCPT from [157.56.110.148]:29046: 450 4.3.2 Service currently
unavailable; from=<x...@example.org>, to=<x...@example.com>, proto=ESMTP,
helo=<na01-bn1-obe.outbound.protection.outlook.com>
2016-05-20T15:49:07.392420+02:00 mx postfix/dnsblog[8434]: addr
157.56.110.148 listed by domain list.dnswl.org as 127.0.3.0
2016-05-20T15:49:07.384799+02:00 mx postfix/dnsblog[1304]: addr
157.56.110.148 listed by domain wl.mailspike.net as 127.0.0.17
2016-05-20T15:49:07.369300+02:00 mx postfix/postscreen[32210]: CONNECT
from [157.56.110.148]:29046 to [158.102.109.83]:25
I configured
postscreen_dnsbl_whitelist_threshold = -2
so I expect that if a client get a rank of -2 should not be disconnected.
[root@mx etc]# postconf | grep postscreen_
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = memcache:/etc/postfix/memcache-postscreen.cf
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit =
$smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?{10}:{300}}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps =
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_max_ttl =
${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_min_ttl = 60s
postscreen_dnsbl_reply_map = pcre:/etc/postfix/postscreen-dnsbl-reply-map
postscreen_dnsbl_sites = zen.dnsbl*4 bl.spamcop.net*1
b.barracudacentral.org*1 dnsbl.sorbs.net*1 psbl.surriel.com*1
ubl.unsubscore.com*1 bl.score.senderscore.com*1 dnsbl-1.uceprotect.net*1
dnsbl-2.uceprotect.net*1 dnsbl-3.uceprotect.net*1 bl.mailspike.net*1
list.dnswl.org=127.[0..255].[0..255].[0..2]*-1
list.dnswl.org=127.[0..255].[0..255].[3..254]*-2 whiteip.rbl.csi.it*-3
wl.mailspike.net=127.0.0.[18..20]*-1
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_timeout = 10s
postscreen_dnsbl_whitelist_threshold = -2
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = mx.example.com ESMTP $mail_name. I don't
remember of you, I'll check your mind!
postscreen_greet_ttl = 7d
postscreen_greet_wait = ${stress?{2}:{6}}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_upstream_proxy_protocol =
postscreen_upstream_proxy_timeout = 5s
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
postscreen_whitelist_interfaces = static:all
mail_version = 3.1.0
Thank you very much
Best Regards
Marco
