Re: hitting greylist after pop-before-smtp 'pass'

Tue, 23 Dec 2008 00:18:01 -0800 

On Tuesday, December 23, 2008 at 08:50 CET,
     LuKreme <krem...@kreme.com> wrote:

> I have the following:
> 
> smtpd_restriction_classes = check_greylist
> check_greylist = check_policy_service inet:127.0.0.1:10023
> 
> smtpd_recipient_restrictions =
>  reject_non_fqdn_sender,
>  reject_non_fqdn_recipient,
>  reject_unknown_sender_domain,
>  reject_invalid_hostname,
>  permit_mynetworks,
>  check_client_access hash:$config_directory/pbs,
>  permit_sasl_authenticated,
>  reject_unauth_destination,
>  reject_unlisted_sender,
>  check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit
>  check_helo_access pcre:$config_directory/helo_checks.pcre,
>  check_sender_access pcre:$config_directory/sender_access.pcre,
>  check_client_access pcre:$config_directory/check_client_fqdn.pcre,
>  check_recipient_access pcre:$config_directory/recipient_checks.pcre,
>  check_client_access hash:$config_directory/access,
>  reject_rbl_client zen.spamhaus.org
>  permit
> 
> helo_checks.pcre:
> /(dsl|pool|dynamic|user|hsd|dyn|dial)/ WARN helo Dynamic addresses not  
> allowed
> 
> and the following in the logs:
> 
> Dec 23 00:17:59 mail postfix/smtpd[81378]: connect from  
> c-12-34-56-789.comcast.net[12.34.56.789]
> Dec 23 00:17:59 mail postgrey[937]: action=greylist, reason=new,  
> client_name=c-12-34-56-789.hsd1.co.comcast.net,  
> client_address=12.34.56.789, sender=*mung...@*munged*.com,  
> recipient=fam...@*munged*.com
> Dec 23 00:18:00 mail postfix/smtpd[81378]: NOQUEUE: reject: RCPT from  
> c-12-34-56-789..comcast.net[12.34.56.789]: 554 5.7.1 Service  
> unavailable; Client host [12.34.56.789] blocked using  
> zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=12.34.56.789;  
> from=<*mung...@*munged*.com> to=<fam...@*munged*.com> proto=ESMTP  
> helo=<cerebus.hsd1.co.comcast.net>
> 
> But checking the pbs database with pop-before-smtp --list the IP  
> address is listed.  (pbs is the pop-before-smtp database).

Either

   a) the client address wasn't really listed in $config_directory/pbs
      at the time of rejection, or
   b) you have another reject_rbl_client restriction somewhere in the
      configuration. Show full "postconf -n" output.

The configuration as listed above will not greylist clients for which
$config_directory/pbs returns OK.

[...]

-- 
Magnus Bäck
mag...@dsek.lth.se

Reply via email to