On Fri, 7 Aug 2020, Martin Neitzel wrote:
You have to check the smtpd source to see if blacklist{,_r,_sa} could be called at the point where the issue is logged.
Indeed the source code delivered. It suggests the notification should be triggered when the auth attempt reach the smtpd_hard_error_limit: if (state->error_count >= var_smtpd_hard_erlim) { state->reason = REASON_ERROR_LIMIT; state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "421 4.7.0 %s Error: too many errors", var_myhostname); pfilter_notify(1, vstream_fileno(state->client)); break; } Which I had not set in the main.cf file. After setting it to 5, failed attempts would be sent to blacklistd: $ postconf smtpd_hard_error_limit smtpd_hard_error_limit = 5 $ sudo blacklistctl dump -ab|egrep '32:25' 186.159.2.57/32:25 1/3 2020/08/08 07:31:19 194.213.125.169/32:25 1/3 2020/08/08 07:17:08 185.4.44.60/32:25 1/3 2020/08/08 07:26:26 94.243.219.122/32:25 1/3 2020/08/08 07:21:28 202.40.186.26/32:25 1/3 2020/08/08 07:50:47 Maybe this should be documented... More on connections limit http://www.postfix.org/TUNING_README.html#conn_limit ------------------------------------------------------------------------ Emile `iMil' Heitor <imil@{home.imil.net,NetBSD.org}> | https://imil.net !DSPAM:5f2e3ea253355886372770!