Hello,
I'm starting to see blocks on my messages to my mail server. For some
reason postscreen is not letting any gmail servers send mail, it's
blocking them.
Has anyone got an idea or have you seen this?
Here's my postscreen setup:
# postscreen(8) settings
### Before-220 tests
postscreen_greet_action = enforce
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_access_list = permit_mynetworks
cidr:/usr/local/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_reply_map =
pcre:/usr/local/etc/postfix/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3
b.barracudacentral.org*2
bl.spameatingmonkey.net*2
dnsbl.ahbl.org*2
bl.spamcop.net
dnsbl.sorbs.net
psbl.surriel.com
bl.mailspike.net
swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
### End of before-220 tests
### After-220 tests
### WARNING -- See "Tests after the 220 SMTP server greeting" in the
### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the
### following tests!
#postscreen_bare_newline_action = drop
#postscreen_bare_newline_enable = yes
#postscreen_non_smtp_command_action = drop
#postscreen_non_smtp_command_enable = yes
#postscreen_pipelining_enable = yes
#postscreen_pipelining_action = drop
### ADDENDUM: Any one of the foregoing three *_enable settings may cause
### significant and annoying mail delays.
# For sharing a tempoary whitelist of addresses
postscreen_cache_map = proxy:btree:${data_directory}/postscreen_cache
postscreen_cache_cleanup_interval = 0
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
# /usr/local/etc/postfix/postscreen_access.cidr 2011-02-27
# A simple combined white/blacklist
# Only "permit", "reject" and "dunno" work on the RHS
# This is a CIDR table, so see cidr_table(5) for LHS syntax
# Permit local clients
127.0.0.0/8 permit
# 2011-05-17 brute force attack
# May 17 05:35:14 cardinal postfix/anvil[3667]: statistics: max
# connection count 47 for (smtpd:66.23.228.27) at May 17 05:31:38
66.23.228.27 reject
# a lot from here including some DBL hits
108.62.112.160/29 reject
# 2011-08-09 eWayDirect whitelisted, but hitting spamtraps
# was having PREGREET protocol errors before today
207.45.161.0/24 reject
##
# 2011-11-22 brute force mail attacks, smtp and imap
61.175.253.59 reject
# 2012-09-23 spammer not in DNSBLs
66.7.197.45 reject
# 2012-11-19 hillapex.com spammer
184.173.107.11 reject
# Allow gmail server through
74.125.82.43 permit
Any assistance appreciated.
Thanks.
Dave.
