Hello,

I would like to ask for help with a problem with my postscreen.
I have four MX servers using postscreen with one shared memcached server.

Sometimes, a zombie already blocked by dnsbl receives a PASS NEW instead of a
reject. I can't understand why; maybe there is something wrong in my
configuration. Could you help me?

Here follows an example.

Look at this:

2012-07-26T14:26:35.049762+02:00 01as postfix/dnsblog[1109]: addr 84.15.191.254
listed by domain psbl.surriel.com as 127.0.0.2
2012-07-26T14:26:35.096771+02:00 01as postfix/dnsblog[1112]: addr 84.15.191.254
listed by domain ubl.unsubscore.com as 127.0.0.2
2012-07-26T14:26:35.271720+02:00 01as postfix/dnsblog[1111]: addr 84.15.191.254
listed by domain dnsbl.sorbs.net as 127.0.0.7
2012-07-26T16:05:10.807425+02:00 01as postfix/dnsblog[6435]: addr 84.15.191.254
listed by domain zen.dnsbl as 127.0.0.4
2012-07-26T16:05:10.854882+02:00 01as postfix/dnsblog[6433]: addr 84.15.191.254
listed by domain dnsbl.sorbs.net as 127.0.0.7
2012-07-26T16:05:10.866129+02:00 01as postfix/dnsblog[6440]: addr 84.15.191.254
listed by domain bl.spamcop.net as 127.0.0.2


For a reason I don't know, at 14h26.35 postscreen starts to "pass new" a zombie
that has a dnsbl rank of 7:


2012-07-26T14:26:30.587633+02:00 02as postfix/dnsblog[22895]: addr 84.15.191.254
listed by domain ubl.unsubscore.com as 127.0.0.2
2012-07-26T14:26:30.588483+02:00 02as postfix/dnsblog[22903]: addr 84.15.191.254
listed by domain psbl.surriel.com as 127.0.0.2
2012-07-26T14:26:32.681261+02:00 04as postfix/postscreen[27121]: CONNECT from
[84.15.191.254]:46110 to [158.102.109.70]:25
2012-07-26T14:26:32.682406+02:00 04as postfix/dnsblog[967]: addr 84.15.191.254
listed by domain dnsbl-1.uceprotect.net as 127.0.0.2
2012-07-26T14:26:32.683251+02:00 04as postfix/dnsblog[969]: addr 84.15.191.254
listed by domain bl.spamcop.net as 127.0.0.2
2012-07-26T14:26:32.684259+02:00 04as postfix/dnsblog[965]: addr 84.15.191.254
listed by domain zen.dnsbl as 127.0.0.4
2012-07-26T14:26:32.684635+02:00 04as postfix/dnsblog[969]: addr 84.15.191.254
listed by domain dnsbl.sorbs.net as 127.0.0.7
2012-07-26T14:26:32.685046+02:00 04as postfix/dnsblog[967]: addr 84.15.191.254
listed by domain ubl.unsubscore.com as 127.0.0.2
2012-07-26T14:26:32.685602+02:00 04as postfix/dnsblog[966]: addr 84.15.191.254
listed by domain psbl.surriel.com as 127.0.0.2
2012-07-26T14:26:34.965295+02:00 01as postfix/dnsblog[1127]: addr 84.15.191.254
listed by domain dnsbl-1.uceprotect.net as 127.0.0.2
2012-07-26T14:26:35.025988+02:00 01as postfix/dnsblog[1122]: addr 84.15.191.254
listed by domain bl.spamcop.net as 127.0.0.2
2012-07-26T14:26:35.049762+02:00 01as postfix/dnsblog[1109]: addr 84.15.191.254
listed by domain psbl.surriel.com as 127.0.0.2
2012-07-26T14:26:35.096771+02:00 01as postfix/dnsblog[1112]: addr 84.15.191.254
listed by domain ubl.unsubscore.com as 127.0.0.2
2012-07-26T14:26:35.271720+02:00 01as postfix/dnsblog[1111]: addr 84.15.191.254
listed by domain dnsbl.sorbs.net as 127.0.0.7
2012-07-26T14:26:35.460592+02:00 01as postfix/postscreen[15252]: NOQUEUE:
reject: RCPT from [84.15.191.254]:21751: 450 4.3.2 Service currently
unavailable; from=<briske...@mthai.com>, to=<cafone.espos...@ziopino.it>,
proto=ESMTP, helo=<[84.15.191.254]>
2012-07-26T14:26:35.614905+02:00 01as postfix/postscreen[15252]: HANGUP after
0.59 from [84.15.191.254]:21751 in tests after SMTP handshake
2012-07-26T14:26:35.614917+02:00 01as postfix/postscreen[15252]: PASS NEW
[84.15.191.254]:21751
2012-07-26T14:26:35.616633+02:00 01as postfix/postscreen[15252]: DISCONNECT
[84.15.191.254]:21751
2012-07-26T14:26:36.013039+02:00 02as postfix/postscreen[678]: DNSBL rank 7 for
[84.15.191.254]:21516
2012-07-26T14:26:36.456085+02:00 02as postfix/postscreen[678]: NOQUEUE: reject:
RCPT from [84.15.191.254]:21516: 550 5.7.1 Service unavailable;
client [84.15.191.254] blocked using dnsbl-1.uceprotect.net;
from=<savoy...@admail.com.ar>, to=<erminio.ott...@ziopino.it>,
proto=ESMTP, helo=<[84.15.191.254]>
2012-07-26T14:26:36.596920+02:00 02as postfix/postscreen[678]: HANGUP after 0.58
from [84.15.191.254]:21516 in tests after SMTP handshake
2012-07-26T14:26:36.596932+02:00 02as postfix/postscreen[678]: DISCONNECT
[84.15.191.254]:21516
2012-07-26T14:26:38.033424+02:00 04as postfix/postscreen[27121]: DNSBL rank 7
for [84.15.191.254]:46110
2012-07-26T14:26:38.449749+02:00 04as postfix/postscreen[27121]: NOQUEUE:
reject: RCPT from [84.15.191.254]:46110: 550 5.7.1 Service unavailable;
client [84.15.191.254] blocked using dnsbl.sorbs.net;
from=<entrances...@hemc.net>, to=<apollo...@ziopino.it>, proto=ESMTP,
helo=<[84.15.191.254]>
2012-07-26T14:26:38.609379+02:00 04as postfix/postscreen[27121]: HANGUP after
0.58 from [84.15.191.254]:46110 in tests after SMTP handshake
2012-07-26T14:26:38.609390+02:00 04as postfix/postscreen[27121]: DISCONNECT
[84.15.191.254]:46110
2012-07-26T14:26:51.459052+02:00 03as postfix/postscreen[31870]: CONNECT from
[84.15.191.254]:21836 to [158.102.109.69]:25
2012-07-26T14:26:51.459249+02:00 03as postfix/postscreen[31870]: PASS OLD
[84.15.191.254]:21836
2012-07-26T14:26:51.641323+02:00 03as postfix/smtpd[16634]: connect from
unknown[84.15.191.254]
2012-07-26T14:26:51.972631+02:00 03as postfix/smtpd[16634]: ED6BA596F3A:
client=unknown[84.15.191.254]
2012-07-26T14:26:52.408466+02:00 03as amavis[18028]: (18028-08) Checking:
MFeWLMK8XN0s [84.15.191.254] <peritoneumso...@bernina.co.il> -> 
<ziop...@ziopino.it>
2012-07-26T14:26:52.489638+02:00 03as postfix/smtpd[16634]: disconnect from
unknown[84.15.191.254]
2012-07-26T14:26:53.018148+02:00 03as amavis[18028]: (18028-08) Blocked SPAM,
[84.15.191.254] [84.15.191.254] <peritoneumso...@bernina.co.il
-> <ziop...@ziopino.it>, quarantine: MFeWLMK8XN0s[30], Message-ID:
<fumm6h-q9z2gz...@retklchdjsmdsnebge.luther.k12.wi.us>,
mail_id: MFeWLMK8XN0s, Hits: 10.429, size: 3464, pt: 30, 662 ms [...]

Why did this happen?

The postscreen conf is the same on all MX servers:

[root@01as ]# postconf -n | grep postscreen
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_map = memcache:/etc/postfix/memcache-postscreen.cf
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen-dnsbl-reply-map
postscreen_dnsbl_sites = zen.dnsbl*2 bl.spamcop.net*1 b.barracudacentral.org*1 dnsbl.sorbs.net*1 psbl.surriel.com*1 ubl.unsubscore.com*1 dnsbl-1.uceprotect.net*1 dnsbl-2.uceprotect.net*1 dnsbl-3.uceprotect.net*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
postscreen_greet_banner = ucas.csi.it ESMTP $mail_name. I don't remember of you, I'll check your mind!
postscreen_greet_ttl = 7d
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
mail_version = 2.9.1


This is the content of memcache-postscreen.cf, identical on all MX servers:

[root@01as ]# cat /etc/postfix/memcache-postscreen.cf
memcache = inet:01as:11211
backup = btree:/var/lib/postfix/postscreen_cache

# TTL if you don't use backup
ttl = 2592000

# Remember
#  postscreen_cache_cleanup_interval = 0
# on ALL instances if you DON'T use backup.


Thank you very much for any hints.
Regards
Marco 
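
Added example (not part of the original post, and not Postfix code): a Python sketch for triaging logs like the ones above. It sums the dnsblog listings per client using the weights and threshold from the postconf output, then reports every PASS NEW / PASS OLD for a client whose combined score across all MX hosts meets the threshold, and whether a "DNSBL rank" line was logged for that session. The function names are mine, and it assumes one syslog event per line (unwrapped) and applies no time window.

```python
import re
from collections import defaultdict

# Weights and threshold as shown in the post's postconf output.
WEIGHTS = {"zen.dnsbl": 2, "bl.spamcop.net": 1, "b.barracudacentral.org": 1,
           "dnsbl.sorbs.net": 1, "psbl.surriel.com": 1, "ubl.unsubscore.com": 1,
           "dnsbl-1.uceprotect.net": 1, "dnsbl-2.uceprotect.net": 1,
           "dnsbl-3.uceprotect.net": 2}
THRESHOLD = 2
HEAD = r"^\S+ (?P<host>\S+) postfix/"
LISTED = re.compile(HEAD + r"dnsblog\[\d+\]: addr (?P<addr>\S+) listed by domain (?P<dom>\S+) as ")
RANK = re.compile(HEAD + r"postscreen\[\d+\]: DNSBL rank \d+ for \[(?P<addr>[^\]]+)\]:(?P<port>\d+)")
PASSED = re.compile(HEAD + r"postscreen\[\d+\]: PASS (?P<kind>NEW|OLD) \[(?P<addr>[^\]]+)\]:(?P<port>\d+)")

def score(domains):
    return sum(WEIGHTS.get(d, 0) for d in domains)

def passed_while_listed(lines):
    """Return PASS events for clients whose fleet-wide DNSBL score meets THRESHOLD."""
    by_host, by_addr, ranked, passes = defaultdict(set), defaultdict(set), set(), []
    for line in lines:  # assumption: one syslog event per line
        if m := LISTED.match(line):
            by_host[(m["host"], m["addr"])].add(m["dom"])
            by_addr[m["addr"]].add(m["dom"])
        elif m := RANK.match(line):
            ranked.add((m["host"], m["addr"], m["port"]))
        elif m := PASSED.match(line):
            passes.append(m.groupdict())
    findings = []
    for p in passes:
        fleet = score(by_addr[p["addr"]])
        if fleet >= THRESHOLD:  # passed although the listings alone would enforce
            findings.append({**p, "fleet_score": fleet,
                             "local_score": score(by_host[(p["host"], p["addr"])]),
                             "rank_logged": (p["host"], p["addr"], p["port"]) in ranked})
    return findings

# Sample input: a few lines taken from the excerpt above, re-joined onto one line each.
SAMPLE = """\
2012-07-26T14:26:32.684259+02:00 04as postfix/dnsblog[965]: addr 84.15.191.254 listed by domain zen.dnsbl as 127.0.0.4
2012-07-26T14:26:34.965295+02:00 01as postfix/dnsblog[1127]: addr 84.15.191.254 listed by domain dnsbl-1.uceprotect.net as 127.0.0.2
2012-07-26T14:26:35.025988+02:00 01as postfix/dnsblog[1122]: addr 84.15.191.254 listed by domain bl.spamcop.net as 127.0.0.2
2012-07-26T14:26:35.614917+02:00 01as postfix/postscreen[15252]: PASS NEW [84.15.191.254]:21751
2012-07-26T14:26:38.033424+02:00 04as postfix/postscreen[27121]: DNSBL rank 7 for [84.15.191.254]:46110
2012-07-26T14:26:51.459249+02:00 03as postfix/postscreen[31870]: PASS OLD [84.15.191.254]:21836
""".splitlines()

if __name__ == "__main__":
    for finding in passed_while_listed(SAMPLE):
        print(finding)
```

In the findings, local_score counts only listings logged by the same host as the PASS, so a PASS OLD served from the shared cache shows local_score 0 while fleet_score reflects what the other MX hosts saw.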
