The code 450 is the "deep tests" doing their stuff. When a a remote host calls for the first time, it sees a temp-fail (code 450).
When the host calls back, *USING THE SAME IP ADDRESS*, it will be passed through to the mail server. The host has to call twice to get through. With gmail and the like, they never use the same IP address twice, and the connection is stopped every time. A "proper" grey-list ap looks at three pieces of data:- hostname, source and destination addresses - Postscreen ONLY looks at the IP address, and is easily fooled by multiple mail servers. Trust us - Postscreen doesn't work as a grey-lister. :-) Allen C On 29/04/2023 11:43, Ken Peng via Postfix-users wrote: > Nope. I found that if I enabled protocol test, every provider including > gmail/orange/vodafone sending messages to me will get response code 450. > After I disabled those protocol test, everything goes fine. > > So what's the correct way to deal with postscreen protocol tests? > > I mean the following stuff. > >>> postscreen_pipelining_enable = yes >>> postscreen_pipelining_action = enforce >>> postscreen_non_smtp_command_enable = yes >>> postscreen_non_smtp_command_action = enforce >>> postscreen_bare_newline_enable = yes >>> postscreen_bare_newline_action = enforce > > Thanks. > > >> On Sat, 29 Apr 2023, Ken Peng via Postfix-users wrote: >> >>> Hello >>> >>> When I enabled postscreen, why even gmail's sender IP was greylisted? >>> >> Did you expect or configure to deal with gmail differently? >> >>> The log says: >>> >>> Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from >>> [209.85.160.53]:50219: 450 4.3.2 Service currently unavailable; >>> from=<x...@gmail.com>, to=<k...@posthub.me>, proto=ESMTP, >>> helo=<mail-oa1-f53.google.com> >>> >>> And this is my configuration for postscreen: >>> >>> # postscreen >>> postscreen_access_list = permit_mynetworks >>> cidr:/etc/postfix/postscreen_access.cidr >>> postscreen_blacklist_action = drop >>> postscreen_greet_action = enforce >>> postscreen_dnsbl_threshold = 2 >>> postscreen_dnsbl_action = enforce >>> postscreen_dnsbl_sites = zen.spamhaus.org*2 >>> postscreen_dnsbl_whitelist_threshold = -2 >>> >>> # postscreen protocol test >>> postscreen_pipelining_enable = yes >>> postscreen_pipelining_action = enforce >>> postscreen_non_smtp_command_enable = yes >>> postscreen_non_smtp_command_action = enforce >>> postscreen_bare_newline_enable = yes >>> postscreen_bare_newline_action = enforce >>> >> There doesn't seem to be anything specific to gmail, so if you enable >> greylisting, it will apply to everyone. >> >> Cheers. >> >> _______________________________________________ >> Postfix-users mailing list -- postfix-users@postfix.org >> To unsubscribe send an email to postfix-users-le...@postfix.org >> > -- > https://kenpeng.pages.dev/ > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
