Saturday, April 29, 2023, 5:40:19 PM, Ken Peng via Postfix-users  wrote:

> Hello
> When I enabled postscreen, why even gmail's sender IP was greylisted?

> The log says:

> Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from 
> [209.85.160.53]:50219: 450 4.3.2 Service currently unavailable; 
> from=<x...@gmail.com>, to=<k...@posthub.me>, proto=ESMTP, 
> helo=<mail-oa1-f53.google.com>


> And this is my configuration for postscreen:

> # postscreen
> postscreen_access_list = permit_mynetworks 
> cidr:/etc/postfix/postscreen_access.cidr
> postscreen_blacklist_action = drop
> postscreen_greet_action = enforce
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*2
> postscreen_dnsbl_whitelist_threshold = -2

> # postscreen protocol test
> postscreen_pipelining_enable = yes
> postscreen_pipelining_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_non_smtp_command_action = enforce
> postscreen_bare_newline_enable = yes 
> postscreen_bare_newline_action = enforce



> Thank you
> Ken
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org

I'm not sure if these things will solve your problem with gmail but...

    You don't need the things listed in your "# postscreen protocol test" 
    block.  See the lines in the README that say:
    
    "This test is opportunistically enabled when postscreen(8) has to use the 
    built-in SMTP engine anyway. This is to make postscreen(8) logging more 
    informative." 

    You should have: 
    postscreen_dnsbl_whitelist_threshold = -1  (not -2)
   

-- 
Cheers,
Phil

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to