From main.cf: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] postscreen_dnsbl_action = drop
I am trying to understand the behaviour from the log. The first is this one: Feb 27 06:02:19 mail postfix/postscreen[46928]: CONNECT from [113.197.35.193]:49976 to [192.168.2.66]:25 Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by domain zen.spamhaus.org as 127.255.255.254 Feb 27 06:02:25 mail postfix/postscreen[46928]: PASS OLD [113.197.35.193]:49976 Feb 27 06:02:27 mail smtp/smtpd[46943]: connect from hb3479.ds.ns01.net[113.197.35.193] Feb 27 06:02:29 mail smtp/smtpd[46943]: NOQUEUE: reject: RCPT from hb3479.ds.ns01.net[113.197.35.193]: 550 5.1.1 <gerben_wie...@rna.nl>: Recipient address rejected: User unknown; from=<i...@ilovepoker.com.au> to=<gerben_wie...@rna.nl> proto=ESMTP helo=<hb3479.ds.ns01.net> The 254 response means: the query comes form an open resolver so we’re not going to reply properly. The mail is a spam messages and could be in a DNSBL, but I get a ’no reply for you’. Mar 04 18:44:25 mail postfix/postscreen[88228]: CONNECT from [189.51.96.252]:38442 to [192.168.2.66]:25 Mar 04 18:44:25 mail postfix/dnsblog[88230]: addr 189.51.96.252 listed by domain zen.spamhaus.org as 127.0.0.4 Mar 04 18:44:25 mail postfix/dnsblog[88230]: addr 189.51.96.252 listed by domain zen.spamhaus.org as 127.0.0.11 Mar 04 18:44:25 mail postfix/dnsblog[88230]: addr 189.51.96.252 listed by domain zen.spamhaus.org as 127.0.0.3 Mar 04 18:44:26 mail postfix/postscreen[88228]: PREGREET 14 after 0.61 from [189.51.96.252]:38442: EHLO mega.nz\r\n Mar 04 18:44:26 mail postfix/postscreen[88228]: DISCONNECT [189.51.96.252]:38442 These responses mean the DNSBL works ok, How do I fix the former one? Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A IT Strategy <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
