On Sat, 29 Apr 2023, Ken Peng via Postfix-users wrote:
Nope. I found that if I enabled protocol test, every provider including
gmail/orange/vodafone sending messages to me will get response code 450. After
I disabled those protocol test, everything goes fine.
So what's the correct way to deal with postscreen protocol tests?
The correct way is to read the documentation before enabling the deep protocol
tests, especially concerning the limitation that postscreen cannot hand off the
live connection to the postfix server process.
I mean the following stuff.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
Yes, go and read the POSTSCREEN_README.txt again :)
Cheers.
(bottom-posted part left for context).
Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from
[209.85.160.53]:50219: 450 4.3.2 Service currently unavailable;
from=<x...@gmail.com>, to=<k...@posthub.me>, proto=ESMTP,
helo=<mail-oa1-f53.google.com>
And this is my configuration for postscreen:
# postscreen
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_greet_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2
postscreen_dnsbl_whitelist_threshold = -2
# postscreen protocol test
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
There doesn't seem to be anything specific to gmail, so if you enable
greylisting, it will apply to everyone.
Cheers.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
