From: Ralf Hildebrandt on 15 Jun 2010 12:45

This is postfix-2.8-20100610

From my log:

mail:~# fgrep 79.15.172.144 /var/log/mail.log
Jun 15 18:15:06 mail postfix/dnsblog[12235]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:15:10 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144

So it seems to be listed!

Jun 15 18:15:10 mail postfix/smtpd[4613]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:15:15 mail postgrey[2007]: action=greylist, reason=new, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=backsaw(a)oshima-k.ac.jp, recipient=recipient(a)charite.de

HUH? It was allowed to connect???

Jun 15 18:15:18 mail postfix/smtpd[4613]: NOQUEUE: reject: RCPT from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]: 450 4.2.0 <host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]>: Client host rejected: Temporary error - please try again at a later time!; from=<backsaw(a)oshima-k.ac.jp> to=<recipient(a)charite.de> proto=SMTP helo=<owjhd.telecomitalia.it>

It was greylisted.

Jun 15 18:15:19 mail postfix/smtpd[4613]: disconnect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]

Disconnect.

Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144

Again, blacklisted, 15 minutes later.

Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]

Yet it was allowed to pass?

Jun 15 18:30:25 mail postgrey[2007]: whitelisted: host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:30:25 mail postgrey[2007]: action=pass, reason=triplet found, delay=910, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=backsaw(a)oshima-k.ac.jp, recipient=recipient(a)charite.de
Jun 15 18:30:25 mail postfix/smtpd[12815]: NOQUEUE: client=host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:30:25 mail amavis[15181]: (15181-19) Checking: tP7FwLCrnqi7 [79.15.172.144] <backsaw(a)oshima-k.ac.jp> -> <recipient(a)charite.de>

# postconf -n |grep screen
postscreen_blacklist_action = drop
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net
postscreen_greet_action = drop
postscreen_whitelist_networks = 141.42.193.0/24, 141.42.202.0/24, 141.42.203.0/24, 141.42.204.0/24, 141.42.206.0/23, 141.42.250.0/24, 193.175.72.0/24, 193.175.74.0/24

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de

From: Ralf Hildebrandt on 15 Jun 2010 13:04

* Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de>:
> Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
> Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144
>
> again, blacklisted, 15 minutes later.
>
> Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
> Yet it was allowed to pass?

I used mykey.zen.dq.spamhaus.net with reject_rbl_client, and now I have the ultimate proof:

% tail -f /var/log/mail.log|grep zen
Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.10
Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 19:00:37 mail-ausfall postfix/smtpd[21734]: NOQUEUE: reject: RCPT from va-67-233-124-39.dhcp.embarqhsd.net[67.233.124.39]: 554 5.7.1 Service unavailable; Client host [67.233.124.39] blocked using mykey.zen.dq.spamhaus.net; http://www.spamhaus.org/query/bl?ip=67.233.124.39 -- Contact postmaster(a)charite.de for whitelisting; from=<sender(a)aberystwyth-online.co.uk> to=<recipient(a)charite.de> proto=SMTP helo=<aberystwyth-online.co.uk>

--
Ralf Hildebrandt

From: Ralf Hildebrandt on 15 Jun 2010 13:22

* Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de>:

I think it was due to me using:

postscreen_blacklist_action = drop

and no postscreen_dnsbl_action at all. Once I set

postscreen_dnsbl_action = drop

it seems to work as intended.

--
Ralf Hildebrandt
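
The symptom in this thread, postscreen logging a DNSBL rank for a client that smtpd then accepts, can be checked for mechanically in mail.log. The following is an added example, not part of the thread and not Postfix code: the function name `dnsbl_passthroughs`, the 60-second pairing window and the fixed year are assumptions, and the sample log mixes lines quoted in the thread with two constructed lines using documentation addresses.

```python
import re
from datetime import datetime, timedelta

# Sample input: the first seven lines are quoted from the thread, the last
# two are constructed (192.0.2.10 and 198.51.100.7 are documentation addresses).
SAMPLE_LOG = """\
Jun 15 18:15:06 mail postfix/dnsblog[12235]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:15:10 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144
Jun 15 18:15:10 mail postfix/smtpd[4613]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:15:19 mail postfix/smtpd[4613]: disconnect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144
Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 19:00:32 mail postfix/postscreen[14995]: DNSBL rank 2 for 192.0.2.10
Jun 15 19:00:40 mail postfix/smtpd[4700]: connect from unknown[198.51.100.7]
"""

RANK_RE = re.compile(r"postfix/postscreen\[\d+\]: DNSBL rank (\d+) for (\S+)")
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9A-Fa-f.:]+)\]")


def _stamp(line, year=2010):
    # Syslog timestamps carry no year; a fixed one (assumption) is enough
    # for computing the gap between two nearby lines.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def dnsbl_passthroughs(log_text, window=timedelta(seconds=60)):
    """Return (ip, rank, delay_seconds) for every client that postscreen
    ranked as DNSBL-listed and smtpd accepted within `window` afterwards."""
    pending = {}  # ip -> (rank, time postscreen logged the rank)
    hits = []
    for line in log_text.splitlines():
        m = RANK_RE.search(line)
        if m:
            pending[m.group(2)] = (int(m.group(1)), _stamp(line))
            continue
        m = CONNECT_RE.search(line)
        if m and m.group(1) in pending:
            rank, seen = pending.pop(m.group(1))
            delay = _stamp(line) - seen
            if timedelta(0) <= delay <= window:
                hits.append((m.group(1), rank, int(delay.total_seconds())))
    return hits


if __name__ == "__main__":
    for ip, rank, delay in dnsbl_passthroughs(SAMPLE_LOG):
        print(f"{ip}: DNSBL rank {rank}, handed to smtpd after {delay}s")
```

Any hit means a listed client reached smtpd, which is the behaviour the thread traces to postscreen_dnsbl_action not being set; compare against `postconf -n | grep screen` as done above.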