Saturday, April 29, 2023, 5:40:19 PM, Ken Peng via Postfix-users wrote:
> Hello
> When I enabled postscreen, why even gmail's sender IP was greylisted?
> The log says:
> Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from
> [209.85.160.53]:50219: 450 4.3.2 Service currently unavailable;
> from=<x...@gmail.com>, to=<k...@posthub.me>, proto=ESMTP,
> helo=<mail-oa1-f53.google.com>
> And this is my configuration for postscreen:
> # postscreen
> postscreen_access_list = permit_mynetworks
> cidr:/etc/postfix/postscreen_access.cidr
> postscreen_blacklist_action = drop
> postscreen_greet_action = enforce
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*2
> postscreen_dnsbl_whitelist_threshold = -2
> # postscreen protocol test
> postscreen_pipelining_enable = yes
> postscreen_pipelining_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_non_smtp_command_action = enforce
> postscreen_bare_newline_enable = yes
> postscreen_bare_newline_action = enforce
> Thank you
> Ken
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
I'm not sure if these things will solve your problem with gmail but...
You don't need the things listed in your "# postscreen protocol test"
block. See the lines in the README that say:
"This test is opportunistically enabled when postscreen(8) has to use the
built-in SMTP engine anyway. This is to make postscreen(8) logging more
informative."
You should have:
postscreen_dnsbl_whitelist_threshold = -1 (not -2)
--
Cheers,
Phil
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
