It can be nice to have stupid systems out there that repeatedly connect and try to deliver junk that I can use for testing new rules. :) I'm trying to test blacklists in postscreen. From what I read on the postscreen readme, the following should work to block this IP, but alas the IP is still able to talk with smtpd. :(
I'm running version 2.9.1, configuration /usr/local/etc/postfix

May 12 19:20:55 mta01 postfix/postscreen[10488]: CONNECT from [211.155.26.83]:54916 to [192.168.7.30]:25
May 12 19:20:55 mta01 postfix/postscreen[10488]: BLACKLISTED [211.155.26.83]:54916
May 12 19:20:55 mta01 postfix/postscreen[10488]: PASS OLD [211.155.26.83]:54916

From what I've read on the readme:

    When the SMTP client address appears on the temporary whitelist, postscreen(8) logs this with the client address and port number as:

        PASS OLD [address]:port

I don't understand why the IP would be whitelisted. I had stopped postfix, removed the postscreen cache and restarted postfix, thus no cache and this is the first time the IP has connected. Any ideas?

May 12 19:21:10 mta01 postfix/smtpd[10510]: connect from unknown[211.155.26.83]
May 12 19:21:10 mta01 postfix/smtpd[10510]: 3VqdLt5d81zV3gb: client=unknown[211.155.26.83]
May 12 19:21:12 mta01 postfix/smtpd[10510]: 3VqdLt5d81zV3gb: reject: RCPT from unknown[211.155.26.83]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [211.155.26.83]; from=<postmas...@gcec.com.cn> to=<c...@balius.com> proto=ESMTP helo=<mail.gcec.com.cn>
May 12 19:21:13 mta01 postfix/smtpd[10510]: disconnect from unknown[211.155.26.83]

Then about 15 seconds later the client connects again, only this time it is talking with smtpd, not postscreen. Which makes sense given the whitelisting that happened above, but still not what I wanted to happen.

[root@mta01 /postfix]# grep postscreen main.cf
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/maps/postscreen_access.cidr
postscreen_greet_action = enforce
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = yes
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes

[root@mta01 /postfix]# cat maps/postscreen_access.cidr
#Rules are evaluated in the order as specified
#
# example:
# 192.168.0.1 permit
# 192.168.0.0/16 reject
#
211.155.26.83 reject

Thank you,
Chad
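
Added example, not part of the original post: a Python check that scans a mail log for postscreen sessions that were logged as BLACKLISTED and then passed anyway, the pattern seen in the log above. The function name and the 192.0.2.10 control session are assumptions made for illustration; the other sample lines are copied from the post.

```python
import re

# First five lines are copied from the post; the 192.0.2.10 session is constructed.
SAMPLE_LOG = """\
May 12 19:20:55 mta01 postfix/postscreen[10488]: CONNECT from [211.155.26.83]:54916 to [192.168.7.30]:25
May 12 19:20:55 mta01 postfix/postscreen[10488]: BLACKLISTED [211.155.26.83]:54916
May 12 19:20:55 mta01 postfix/postscreen[10488]: PASS OLD [211.155.26.83]:54916
May 12 19:21:10 mta01 postfix/smtpd[10510]: connect from unknown[211.155.26.83]
May 12 19:21:13 mta01 postfix/smtpd[10510]: disconnect from unknown[211.155.26.83]
May 12 19:22:01 mta01 postfix/postscreen[10488]: CONNECT from [192.0.2.10]:40000 to [192.168.7.30]:25
May 12 19:22:07 mta01 postfix/postscreen[10488]: PASS NEW [192.0.2.10]:40000
"""

POSTSCREEN = re.compile(
    r"postfix/postscreen\[\d+\]: (CONNECT from|BLACKLISTED|PASS OLD|PASS NEW) "
    r"\[([^\]]+)\]:(\d+)")
SMTPD_CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*?\[([^\]]+)\]")

def unenforced_blacklist_hits(log_text):
    """Return one finding per postscreen session that was BLACKLISTED, then PASSed."""
    flagged = set()   # (addr, port) sessions that have logged BLACKLISTED
    findings = []
    for line in log_text.splitlines():
        m = POSTSCREEN.search(line)
        if m:
            event, addr, port = m.group(1), m.group(2), m.group(3)
            key = (addr, port)
            if event == "CONNECT from":
                flagged.discard(key)      # new session on a reused source port
            elif event == "BLACKLISTED":
                flagged.add(key)
            elif key in flagged:          # PASS OLD / PASS NEW after a blacklist match
                flagged.discard(key)
                findings.append({"client": addr, "port": int(port),
                                 "verdict": event, "reached_smtpd": False})
            continue
        m = SMTPD_CONNECT.search(line)
        if m:                             # did a flagged client later reach smtpd?
            for f in findings:
                if f["client"] == m.group(1):
                    f["reached_smtpd"] = True
    return findings

if __name__ == "__main__":
    for finding in unenforced_blacklist_hits(SAMPLE_LOG):
        print(finding)
```

A finding means the access-list match was logged but did not end the session. What postscreen does on a match is set by postscreen_blacklist_action, whose default is ignore and which does not appear in the grep output above.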