Wietse Venema:
> Jason:
> > I want to find a more radical way to forcibly disconnect the IP when the
> > check has finished and the IP hasn't passed it. How can I do that? (I
> > seek a Postfix solution, not iptables or similar)
>
> Wietse:
> > Configure Postfix to reply with 521 or 421, then it hangs up.
>
> Chalmers:
> > Can you show an example please.
> > I too could really use this advice.
>
> With check_*_access, use an action of "521 go away" to disconnect
> a client.
>
> In main.cf, set "maps_rbl_reject_code = 521" to disconnect a client
> that is blocked with reject_rbl_* or reject_rhsbl_*.
>
> With postscreen_access_list, specify a "reject" action to drop a
> connection.

Forgot to mention: this assumes you have "postscreen_blacklist_action
= drop" in main.cf (the default is "ignore"; the setting "enforce"
directs the client to a dummy SMTP engine that records the helo,
sender and recipient info, which is useful if you're worried about
false positives).

	Wietse
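
The three mechanisms from this message collected into one configuration, as an added example that is not part of the original post. The file paths, the documentation address ranges and the DNSBL name dnsbl.example.org are assumptions, and postscreen is assumed to be already enabled in master.cf.

```cfg
# ---- /etc/postfix/main.cf (fragment; paths and DNSBL name are assumptions) ----

# 1. Access table lookup: the table's right-hand side supplies the 521 reply,
#    after which smtpd closes the connection.
# 2. DNSBL rejects: reject_rbl_* and reject_rhsbl_* use maps_rbl_reject_code,
#    so setting it to 521 makes a listed client get disconnected as well.
smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/client_access.cidr,
    reject_rbl_client dnsbl.example.org
maps_rbl_reject_code = 521

# 3. postscreen: a "reject" result from postscreen_access_list only drops the
#    connection when the blacklist action is "drop". The default "ignore" does
#    nothing; "enforce" hands the client to the dummy SMTP engine so that
#    helo, sender and recipient are logged before the rejection.
postscreen_access_list =
    permit_mynetworks,
    cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop

# ---- /etc/postfix/client_access.cidr (constructed sample entries) ----
# pattern            action
192.0.2.0/24         521 go away
2001:db8:1::/48      521 go away

# ---- /etc/postfix/postscreen_access.cidr (constructed sample entries) ----
# pattern            action
198.51.100.0/24      reject
203.0.113.7/32       reject
```

CIDR tables are read directly and need no postmap run; run "postfix reload" after editing main.cf or the tables.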