[email protected]:
> I've added blocking by TLD to my setup. Right now, it blocks at helo checks.
>
> It's working.
>
> Looking at my logs, EVERY time I get a 'bad TLD' connection, there's always 2
> similar reject entries, but only one CONNECT/PASS. For example:
>
> Apr 4 19:55:38 mail01 postfix/postscreen[7444]: CONNECT from
> [74.63.250.84]:44441 to [198.51.100.29]:25
> Apr 4 19:55:44 mail01 postfix/postscreen[7444]: PASS NEW
> [74.63.250.84]:44441
> Apr 4 19:55:44 mail01 postfix/psint/smtpd[7450]: connect from
> g87d686d.darrylloves.science[74.63.250.84]
> Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: EHLO
> from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1
> <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP
> helo=<g87d686d.darrylloves.science>
> Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: NOQUEUE: reject: HELO
> from g87d686d.darrylloves.science[74.63.250.84]: 554 5.7.1
> <g87d686d.darrylloves.science>: Helo command rejected: TLD; proto=SMTP
> helo=<g87d686d.darrylloves.science>
> Apr 4 19:55:45 mail01 postfix/psint/smtpd[7450]: disconnect from
> g87d686d.darrylloves.science[74.63.250.84] helo=0/1 ehlo=0/1 quit=1
> commands=1/3
>
> I'm not exactly sure why I'm getting one CONNECT and 2 REJECTs.
The client sent two RCPT TO commands. Why did it try the same
recipient twice? No idea, I didn't write the client code.
Wietse