On Tuesday, December 23, 2008 at 08:50 CET, LuKreme <krem...@kreme.com> wrote:
> I have the following: > > smtpd_restriction_classes = check_greylist > check_greylist = check_policy_service inet:127.0.0.1:10023 > > smtpd_recipient_restrictions = > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_invalid_hostname, > permit_mynetworks, > check_client_access hash:$config_directory/pbs, > permit_sasl_authenticated, > reject_unauth_destination, > reject_unlisted_sender, > check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit > check_helo_access pcre:$config_directory/helo_checks.pcre, > check_sender_access pcre:$config_directory/sender_access.pcre, > check_client_access pcre:$config_directory/check_client_fqdn.pcre, > check_recipient_access pcre:$config_directory/recipient_checks.pcre, > check_client_access hash:$config_directory/access, > reject_rbl_client zen.spamhaus.org > permit > > helo_checks.pcre: > /(dsl|pool|dynamic|user|hsd|dyn|dial)/ WARN helo Dynamic addresses not > allowed > > and the following in the logs: > > Dec 23 00:17:59 mail postfix/smtpd[81378]: connect from > c-12-34-56-789.comcast.net[12.34.56.789] > Dec 23 00:17:59 mail postgrey[937]: action=greylist, reason=new, > client_name=c-12-34-56-789.hsd1.co.comcast.net, > client_address=12.34.56.789, sender=*mung...@*munged*.com, > recipient=fam...@*munged*.com > Dec 23 00:18:00 mail postfix/smtpd[81378]: NOQUEUE: reject: RCPT from > c-12-34-56-789..comcast.net[12.34.56.789]: 554 5.7.1 Service > unavailable; Client host [12.34.56.789] blocked using > zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=12.34.56.789; > from=<*mung...@*munged*.com> to=<fam...@*munged*.com> proto=ESMTP > helo=<cerebus.hsd1.co.comcast.net> > > But checking the pbs database with pop-before-smtp --list the IP > address is listed. (pbs is the pop-before-smtp database). Either a) the client address wasn't really listed in $config_directory/pbs at the time of rejection, or b) you have another reject_rbl_client restriction somewhere in the configuration. Show full "postconf -n" output. The configuration as listed above will not greylist clients for which $config_directory/pbs returns OK. [...] -- Magnus Bäck mag...@dsek.lth.se