[email protected]:
> Hello,
>
> I have the problem that all mails hang at postscreen. I think so, but I
> am not sure. I cannot find a mistake in the configuration. But local mail
> and mail from outside all hangs in postscreen and does not go through.
>
> [root@de-fra ~]# cat /var/log/mail.log | grep "74.125.82.44"
> Jul 5 15:21:25 de-fra.silviosiefke.com postfix/postscreen[3244]: CONNECT
> from [74.125.82.44]:37019 to [178.254.26.48]:25
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: CONNECT from
> [74.125.82.44]:37019
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: Anonymous TLS
> connection established from [74.125.82.44]:37019: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: NOQUEUE:
> reject: RCPT from [74.125.82.44]:37019: 450 4.3.2 Service currently
> unavailable; from=<[email protected]>, to=<[email protected]>,
> proto=ESMTP, helo=<mail-wm0-f44.google.com>
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: HANGUP
> after 0.14 from [74.125.82.44]:37019 in tests after SMTP handshake
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/tlsproxy[3251]: DISCONNECT
> [74.125.82.44]:37019
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: PASS NEW
> [74.125.82.44]:37019
> Jul 5 15:21:31 de-fra.silviosiefke.com postfix/postscreen[3244]: DISCONNECT
> [74.125.82.44]:37019

You have "postscreen_bare_newline_enable = yes". With this, postscreen
will require that the client passes a 'bare newline' test once every
30 days. The logging above has no "BARE NEWLINE" violation record,
and postscreen logs 'PASS NEW' which confirms that the client passed
all tests. postscreen then replies with "450 4.3.2 Service currently
unavailable" for reasons documented in the postscreen manpage.

Normally, postscreen saves the test result to the postscreen whitelist
cache (configured with postscreen_cache_map) so that the client can
skip the test for the next 30 days. This is not working.

The reason that the test keeps being repeated is that the test
result is not properly written to the postscreen whitelist cache.
This may be caused by a corrupted database file.

I suggest that you remove the postscreen_cache_map file and do
'postfix reload'.

Minor nit, unrelated to the broken whitelist problem:

> smtp inet n - n - 1 postscreen
>     -o smtpd_proxy_filter=localhost:10025
>     -o smtpd_client_connection_count_limit=10
>     -o smtpd_proxy_options=speed_adjust

smtpd_proxy_filter is not a postscreen feature. It belongs with the
smtpd that follows postscreen, as shown below.

> smtpd pass - - n - - smtpd
>     -o smtpd_proxy_filter=localhost:10025
>     -o smtpd_sasl_auth_enable=no

You could also take the lame option and disable the bare newline
test. But that would still require the client to pass all tests on
every connection, resulting in unnecessary delays.

Wietse
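
Added example, not part of the original message: a small log check for the symptom diagnosed above. A client that passes all tests is logged as 'PASS NEW' once and as 'PASS OLD' while its cache entry is valid, so repeated 'PASS NEW' records with no 'PASS OLD' suggest results are not reaching the cache. The sample lines, host name and addresses are constructed, and the check assumes the log excerpt spans less time than the cache lifetime of the tests (30 days in this thread).

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread
# (documentation-range addresses, hypothetical host name "mx").
SAMPLE_LOG = """\
Jul 5 15:21:25 mx postfix/postscreen[3244]: CONNECT from [192.0.2.10]:37019 to [198.51.100.5]:25
Jul 5 15:21:31 mx postfix/postscreen[3244]: PASS NEW [192.0.2.10]:37019
Jul 5 15:26:40 mx postfix/postscreen[3244]: CONNECT from [192.0.2.10]:41200 to [198.51.100.5]:25
Jul 5 15:26:46 mx postfix/postscreen[3244]: PASS NEW [192.0.2.10]:41200
Jul 5 15:30:02 mx postfix/postscreen[3244]: PASS NEW [203.0.113.7]:50111
Jul 5 15:35:10 mx postfix/postscreen[3244]: PASS OLD [203.0.113.7]:50990
"""

# Matches postscreen's "PASS NEW [addr]:port" and "PASS OLD [addr]:port" records.
PASS_RE = re.compile(r"postfix/postscreen\[\d+\]: PASS (NEW|OLD) \[([^\]]+)\]:\d+")


def pass_counts(log_text):
    """Return {client_address: {"NEW": n, "OLD": m}} for all PASS records."""
    counts = defaultdict(lambda: {"NEW": 0, "OLD": 0})
    for line in log_text.splitlines():
        match = PASS_RE.search(line)
        if match:
            verdict, address = match.groups()
            counts[address][verdict] += 1
    return counts


def clients_not_cached(log_text):
    """Clients that passed as NEW more than once and never as OLD.

    Within one cache lifetime this pattern means the test result was
    not found again on the next connection.
    """
    return sorted(
        address
        for address, c in pass_counts(log_text).items()
        if c["NEW"] > 1 and c["OLD"] == 0
    )


if __name__ == "__main__":
    for address in clients_not_cached(SAMPLE_LOG):
        print(f"{address}: repeated PASS NEW, no PASS OLD")
```

A single 'PASS NEW' followed by 'PASS OLD', as for the second constructed client, is the healthy pattern.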