On 6/16/2010 5:45 PM, Wietse Venema wrote:
Ralf Hildebrandt:
Today I got this bounce from somebody whose mail had been rejected:
<catalog-...@python.org>: Protocol error: host
mail.python.org[82.94.164.166] refused to talk to me:
220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL
It was quite hard finding this in my log, since the bounce from the
french system only contained hostnames which would not resolve :(
May I recommend that Postfix at least emits the IP in it's rejection message,
e.g. like:
521 5.7.1 123.123.123.123 Blocked by DNSBL
That would be redundant because Postfix already logs:
Jun 16 00:00:55 spike postfix/postscreen[78055]: DNSBL rank 1 for 115.174.34.7
I will update the logging once postscreen has a built-in smtp-sink
engine that can log the client, helo, sender and recipient.
Once that is in place postscreen can have weighted DNSBLs and simplified
greylisting, and by then it becomes viable for the stable release.
Wietse
I believe Ralf's request is about the smtp rejection message
sent to the remote client, not about postfix logging.
ie. the current reject response in postscreen.c around line
920 or so looks something like:
if (dnsbl_action == PS_ACT_DROP) {
smtp_reply(vstream_fileno(state->smtp_client_stream),
state->smtp_client_addr, state->smtp_client_port,
"521 5.7.1 Blocked by DNSBL\r\n");
state->flags |= PS_FLAG_NOFORWARD;
}
Often complaints are reported by a remote customer forwarding
the reject message by an alternate channel. It would be easier
to track down customer complaints if the reject message contained
"521 5.7.1 Client 192.0.2.1 Blocked by DNSBL"
Yes, the enhanced logging would help too, since you could then
search logs for the rejected sender, but this is a far smaller
change that would help a great deal in some cases.
(I wanted to include a patch, but my C foo is limited to
cut-and-paste, and sometimes I manage to mess that up too.)
-- Noel Jones
