Hi,
I have postscreen implemented on postfix-3.7.3 on fedora37, and not sure I
understand if it's working properly. Sometimes I see the postscreen/dnsblog
combination ending with a simple DISCONNECT. In this case, it met the
8-point threshold to be rejected, but appears to only received a DISCONNECT:
May 1 20:57:53 petra postfix-226/postscreen[1104961]: CONNECT from
[95.214.27.139]:50021 to [5.196.7.226]:25
May 1 20:57:53 petra postfix-226/postscreen[1104961]: PREGREET 11 after
0.01 from [95.214.27.139]:50021: EHLO User\r\n
May 1 20:57:53 petra postfix-226/dnsblog[1105023]: addr 95.214.27.139
listed by domain bl.mailspike.net as 127.0.0.2
May 1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
May 1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.2
May 1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.9
May 1 20:57:53 petra postfix-226/dnsblog[1105024]: addr 95.214.27.139
listed by domain score.senderscore.com as 127.0.4.6
May 1 20:57:53 petra postfix-226/dnsblog[1105025]: addr 95.214.27.139
listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
May 1 20:57:53 petra postfix-226/postscreen[1104961]: DNSBL rank 23 for
[95.214.27.139]:50021
May 1 20:57:54 petra postfix-226/postscreen[1104961]: DISCONNECT
[95.214.27.139]:50021
while other times I do see there is a NOQUEUE/reject involved:
May 1 20:13:15 petra postfix-226/postscreen[1095132]: CONNECT from
[185.146.23.43]:46126 to [5.196.7.226]:25
May 1 20:13:15 petra postfix-226/dnsblog[1095229]: addr 185.146.23.43
listed by domain score.senderscore.com as 127.0.4.89
May 1 20:13:15 petra postfix-226/dnsblog[1095233]: addr 185.146.23.43
listed by domain bb.barracudacentral.org as 127.0.0.2
May 1 20:13:15 petra postfix-226/dnsblog[1095232]: addr 185.146.23.43
listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
May 1 20:13:21 petra postfix-226/postscreen[1095132]: DNSBL rank 13 for
[185.146.23.43]:46124
May 1 20:13:21 petra postfix-226/postscreen[1095132]: NOQUEUE: reject:
RCPT from [185.146.23.43]:46124: 550 5.7.1 Service unavailable; client
[185.146.23.43] blocked using DNS Blocklist (invaluement); from=<
simon...@server.sito-wp.com>, to=<tina.pe...@example.com>, proto=ESMTP,
helo=<server.sito-wp.com>
What am I misunderstanding? Here is my postscreen config:
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
score.senderscore.com=127.0.4.[0..19]*5 score.senderscore.com
=127.0.4.[20..29]*4
score.senderscore.com=127.0.4.[30..49]*3 score.senderscore.com
=127.0.4.[50..59]*2
score.senderscore.com=127.0.4.[60..69]*1 score.senderscore.com
=127.0.4.[70..79]*-1
score.senderscore.com=127.0.4.[80..89]*-2 score.senderscore.com
=127.0.4.[90..100]*-3
bb.barracudacentral.org*7 mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6
bl.mailspike.net*4 bl.spamcop.net*4 bl.spameatingmonkey.net*4
mykey.zen.dq.spamhaus.net=127.0.0.3*4 sip-sip24.mykey.invaluement.com
=127.0.0.2*8
ubl.unsubscore.com=127.0.0.2*1 list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org
=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 8
postscreen_greet_action = enforce
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
