On 03.03.19 10:21, Mayhem wrote:
It doesn't appear that postscreen_dnsbl_action is working correctly when set
to "drop".

The manual states "Drop the connection immediately with a 521 SMTP reply" -
but that's not happening. It's still checking the block lists.

Mar  3 08:03:50 localhost postfix/postscreen[80179]: CONNECT from [185.234.217.223]:64507 to [xx.xx.xx.xx]:25
Mar  3 08:03:50 localhost postfix/dnsblog[80180]: addr 185.234.217.223 listed by domain zen.spamhaus.org as 127.0.0.2
Mar  3 08:03:50 localhost postfix/dnsblog[80180]: addr 185.234.217.223 listed by domain zen.spamhaus.org as 127.0.0.4
Mar  3 08:03:56 localhost postfix/postscreen[80179]: DNSBL rank 1 for [185.234.217.223]:64507
Mar  3 08:03:56 localhost postfix/postscreen[80179]: HANGUP after 0.48 from [185.234.217.223]:64507 in tests after SMTP handshake

According to:
http://www.postfix.org/POSTSCREEN_README.html

When an SMTP client hangs up unexpectedly, postscreen(8) logs this as:

   HANGUP after time from [address]:port in test name


This looks like the client hung up before postscreen could reject the
connection.

As I understand it, postscreen_greet_action is evaluated before
postscreen_dnsbl_action, so it hits before due to this.

postscreen_dnsbl_action = drop
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_min_ttl = 60s
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites = zen.spamhaus.org, b.barracudacentral.org
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_timeout = 10s
postscreen_dnsbl_whitelist_threshold = 0
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?{2}:{6}}s

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
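
The reading given in the reply can be checked mechanically by grouping postscreen events per client endpoint. The following is an added example, not code from either poster or from Postfix: it recognises only the four log formats that appear in the quoted log, and `summarize`, its result fields and the `threshold` default (mirroring postscreen_dnsbl_threshold = 1 from the posted settings) are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Mar  3 08:03:50 localhost postfix/postscreen[80179]: CONNECT from [185.234.217.223]:64507 to [xx.xx.xx.xx]:25
Mar  3 08:03:50 localhost postfix/dnsblog[80180]: addr 185.234.217.223 listed by domain zen.spamhaus.org as 127.0.0.2
Mar  3 08:03:50 localhost postfix/dnsblog[80180]: addr 185.234.217.223 listed by domain zen.spamhaus.org as 127.0.0.4
Mar  3 08:03:56 localhost postfix/postscreen[80179]: DNSBL rank 1 for [185.234.217.223]:64507
Mar  3 08:03:56 localhost postfix/postscreen[80179]: HANGUP after 0.48 from [185.234.217.223]:64507 in tests after SMTP handshake
"""

CLIENT = r"\[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
EVENTS = {
    "connect": re.compile(r"postscreen\[\d+\]: CONNECT from " + CLIENT),
    "rank": re.compile(r"postscreen\[\d+\]: DNSBL rank (?P<rank>-?\d+) for " + CLIENT),
    "hangup": re.compile(r"postscreen\[\d+\]: HANGUP after (?P<secs>[\d.]+) from "
                         + CLIENT + r" in (?P<phase>.+)$"),
}
LISTED = re.compile(r"dnsblog\[\d+\]: addr (?P<addr>\S+) listed by domain (?P<site>\S+) as (?P<code>\S+)")

def summarize(log_text, threshold=1):
    """Group postscreen events per [address]:port (hypothetical helper)."""
    listings = defaultdict(list)   # dnsblog lines carry the address only
    sessions = defaultdict(dict)   # keyed by (address, port)
    for line in log_text.splitlines():
        m = LISTED.search(line)
        if m:
            listings[m["addr"]].append((m["site"], m["code"]))
            continue
        for kind, pattern in EVENTS.items():
            m = pattern.search(line)
            if m:
                fields = m.groupdict()
                key = (fields.pop("addr"), int(fields.pop("port")))
                sessions[key][kind] = fields
    report = {}
    for (addr, port), ev in sessions.items():
        rank = int(ev["rank"]["rank"]) if "rank" in ev else None
        hangup = ev.get("hangup")
        report[f"[{addr}]:{port}"] = {
            "listings": listings[addr], "rank": rank,
            "over_threshold": rank is not None and rank >= threshold,
            "hangup_after": float(hangup["secs"]) if hangup else None,
            "hangup_phase": hangup["phase"] if hangup else None,
            "verdict": "client hung up during tests" if hangup else "no hangup logged",
        }
    return report
```

For the quoted session this reports a rank at the threshold together with a hangup 0.48 seconds into the connection, in the phase "tests after SMTP handshake".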
