Hans E. Kristiansen:
> Hi all,
>
> We have installed postscreen on our mail servers, with a table
> lookup to a postgres database. The lookup also records the client
> details (IP address), and we have a basic Java front end with
> lookups to maxmind to get location information. The tool allows
> us to block by CIDR, and monitor connections over time to identify
> various forms of attacks. It has been an eye opener. For reference,
> we also record mail from: and perform the usual checks after rcpt
> to:, and the mail from is checked against a whitelist in the same
> database which is also managed by our end users.
>
> However, I would like to have the option to delay the rejection
> by capturing mail from/rcpt to, but there seems not to be a suitable
> config entry, the closest I have found is "check_client_a_access",
> but this option performs a check of the IP of the host, but I would
> like to have a table lookup akin to "check_client_ip_address" for
> consistency with the current connection.
>
> Hope this makes sense, and some help is greatly appreciated. Our
> reference installation has been updated to the 3.3.1, from source
> on a CentOS system.

The Postfix postscreen daemon will delay rejection until RCPT TO
and will log the HELO/EHLO, MAIL FROM and RCPT TO information from
a client that fails the access_list, pregreet, dnsbl or other test,
if you configure the 'enforce' action for those tests. Example:

    Nov 23 02:28:16 spike postfix/postscreen[33859]: NOQUEUE: reject: RCPT from [103.106.193.166]:53404: 550 5.7.1 Service unavailable; client [103.106.193.166] blocked using zen.spamhaus.org; from=<deciliterologyje...@hotmail.com>, to=<wie...@porcupine.org>, proto=SMTP, helo=<hotmail.com>

The Postfix smtpd daemon will delay rejection until RCPT TO and
will log the HELO/EHLO, MAIL FROM and RCPT TO information, with the
default configuration "smtpd_delay_reject = yes". Example:

    Nov 23 05:43:03 spike postfix/smtpd[35246]: NOQUEUE: reject: RCPT from li1587-232.members.linode.com[139.162.103.232]: 554 5.1.8 <mfykrer...@220690.cloudwaysapps.com>: Sender address rejected: Domain not found; from=<mfykrer...@220690.cloudwaysapps.com> to=<wie...@porcupine.org> proto=ESMTP helo=<220690.cloudwaysapps.com>

	Wietse
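
The following Python parser is an added example, not part of the original thread and not Postfix code. It extracts the client, HELO, MAIL FROM and RCPT TO values from both log formats quoted above so they can be recorded next to the connection data; the sample lines, host names and the `parse_rejects` name are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the two log formats quoted above
# (documentation IP ranges and example.* names, not real traffic).
SAMPLE_LOG = """\
Nov 23 02:28:16 mx1 postfix/postscreen[33859]: NOQUEUE: reject: RCPT from [192.0.2.10]:53404: 550 5.7.1 Service unavailable; client [192.0.2.10] blocked using zen.spamhaus.org; from=<sender@example.com>, to=<user@example.org>, proto=SMTP, helo=<mail.example.com>
Nov 23 05:43:03 mx1 postfix/smtpd[35246]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.7]: 554 5.1.8 <bounce@nodomain.example>: Sender address rejected: Domain not found; from=<bounce@nodomain.example> to=<user@example.org> proto=ESMTP helo=<nodomain.example>
Nov 23 05:43:04 mx1 postfix/smtpd[35246]: disconnect from host.example.net[198.51.100.7]
"""

# Daemon, client and SMTP reply, then the key=value tail after the last "; ".
REJECT_RE = re.compile(
    r"postfix/(?P<daemon>postscreen|smtpd)\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]*)\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>.*?); (?P<tail>from=<.*)$"
)
# postscreen separates the tail fields with ", ", smtpd with a single space.
FIELD_RE = re.compile(r"\b(from|to|proto|helo)=(?:<([^>]*)>|([^,\s]+))")


def parse_rejects(log_text):
    """Return one dict per delayed (RCPT-stage) rejection found in log_text."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a NOQUEUE RCPT reject line
        rec = {k: m.group(k) for k in ("daemon", "ip", "code", "dsn", "reason")}
        rec["host"] = m.group("host") or None  # postscreen logs no hostname
        for f in FIELD_RE.finditer(m.group("tail")):
            # from/to/helo are client-supplied: store them as bound query
            # parameters, never concatenated into SQL text.
            rec[f.group(1)] = f.group(2) if f.group(2) is not None else f.group(3)
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_rejects(SAMPLE_LOG):
        print(r["daemon"], r["ip"], r["code"], r["from"], r["to"], r["helo"])
```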