We are seeing a message that I don't understand on our postfix servers with
postscreen enabled. Here is a rejection message from maillog when a test
tries to e-mail abuse@ address:
2012-06-04T12:45:23.773219-04:00 mx2 postfix/postscreen[4312]: NOQUEUE:
reject: RCPT from [174.133.202.226]:2860: 450 4.3.2 Service currently
unavailable; from=<>, to=<ab...@shambhala.com>, proto=SMTP,
helo=<test.DNSreport.com>
Service currently unavailable doesn't make sense as a rejection message. Is
it referring to the postscreen service not being available? I think it is
setup correctly. Here is the setup of master.cf and then main.cf
master.cf
=============
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
smtp-amavis unix - - n - 5 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,n
o_milters
-o local_header_rewrite_clients=
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
main.cf
=============
address_verify_map = btree:/var/lib/postfix/address_verify.map
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 12h
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_sender = postmaster
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
body_checks = pcre:/etc/postfix/HEADER_AND_BODY_CHECKS/body_checks.regexp
bounce_queue_lifetime = 1h
bounce_size_limit = 10000
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
$daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 100
default_destination_recipient_limit = 50
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks =
pcre:/etc/postfix/HEADER_AND_BODY_CHECKS/header_checks.regexp
html_directory = no
ignore_mx_lookup_error = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 2
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 2d
message_size_limit = 20000000
mime_header_checks =
pcre:/etc/postfix/HEADER_AND_BODY_CHECKS/mime_header_checks.regexp
minimal_backoff_time = 300s
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mandala-designs.com
mynetworks = 127.0.0.0/8, 127.0.0.1, 192.168.1.0/24, 216.27.63.0/24,
216.195.213.48/28
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
bl.spameatingmonkey.net*2 bl.spamcop.net*1 swl.spamhaus.org*-5
list.dnswl.org*-5 hostkarma.junkemailfilter.com=127.0.0.1*-5
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
reject_code = 550
relay_domains = shambhala.com, hash:/etc/postfix/transport.map
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_always_send_ehlo = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_limit_exceptions = $mynetworks
smtpd_client_restrictions = reject_unauth_pipelining, check_client_access
hash:/etc/postfix/NETWORK_CHECKS/rbl_override.map, reject_rbl_client
b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client
zen.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rhsbl_sender
dsn.rfc-ignorant.org, reject_rbl_client spamsources.fabel.dk,
reject_invalid_helo_hostname, warn_if_reject reject_unknown_hostname,
warn_if_reject reject_non_fqdn_hostname, permit
smtpd_delay_reject = yes
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access
hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/mywhitelist.map,
check_recipient_access
hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/mywhitelist_recipients.map,
check_sender_access hash:/etc/postfix/EMAIL_ADDRESS_CHECKS/myspamlist.map,
reject_unauth_destination, check_sender_access
hash:/etc/postfix/NETWORK_CHECKS/disallow_my_domain.map,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unverified_recipient, reject_unknown_reverse_client_hostname,
reject_unknown_sender_domain, check_sender_access
pcre:/etc/postfix/MISC_CHECKS/ascii.pcre, check_recipient_access
pcre:/etc/postfix/MISC_CHECKS/ascii.pcre, check_sender_mx_access
cidr:/etc/postfix/NETWORK_CHECKS/drop.cidr, check_policy_service
inet:127.0.0.1:10023, check_helo_access
pcre:/etc/postfix/NETWORK_CHECKS/helo_hostnames.pcre,
pcre:/etc/postfix/EMAIL_ADDRESS_CHECKS/to_recipients_bw.regexp
reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport.map
unknown_address_reject_code = 550
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
