On Fri, Dec 13, 2019 at 11:03:49AM +0100, Claus R. Wickinghoff wrote:
> Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD [45.146.203.135]:49121
>
> Now it reconnects and with the cache entry it's calssified as "PASS OLD"
> and got redirected to smtpd...
>
> Dec 13 09:16:27 mole postfix/smtpd[1839]: 369B040088:
> client=tremble.sckenz.com[45.146.203.135]
> tremble.sckenz.com[45.146.203.135] ehlo=1 mail=1 rcpt=1 data=1 quit=1
> commands=5
>
> ...and delivers its spam.
>
> If I check some blacklists now, I got hits:
>
> LISTED Spamhaus ZEN 45.146.203.135 was listed 60 0
> Ignore
My advice would be to enable zen.spamhaus.org (or similar mainstream low
FP rate RBL) on a per-message basis in smtpd(8):
smtpd_client_restrictions =
permit_sasl_authenticated,
reject_rbl_client zen.spamhaus.org
The purpose of postscreen is to try to keep botnets from consuming all
your SMTP connection slots. You should have anti-spam measures in place
for the clients that get through.
I would avoid unduly short postscreen cache times, that can lead to
legitimate clients not getting through at all.
--
Viktor.
