As a new user (postfix as well as postscreen) I monitor maillog to get a
feel for how things work.
Today I noticed a site trying to AUTH from unknown (and I happen to know
there is no possibly valid user at that address).
I decided to try out blacklisting:
*postscreen_access.cidr:185.36.81.24 reject*
Postscreen at once acknowledged the blacklisting but does not (yet?) block:
Oct 31 12:45:00 hermes postfix/postscreen[7300]: CONNECT from [185.36.81.24]:58505 to [192.168.30.11]:25
Oct 31 12:45:00 hermes postfix/postscreen[7300]: *BLACKLISTED* [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/postscreen[7300]: *PASS OLD* [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: *connect from unknown*[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: lost connection after AUTH from unknown[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: disconnect from unknown[185.36.81.24] ehlo=1 auth=0/1 commands=1/2
What am I missing?
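
Added example (not part of the original post, and not Postfix code): a small Python check that scans maillog text for clients that postscreen logged as BLACKLISTED and then still passed on to smtpd, which is the sequence in the log above. The function and pattern names are made up for this example, and the sample input is the post's log with the wrapped lines rejoined and the emphasis asterisks removed.

```python
import re

# Constructed sample: the log lines from the post, unwrapped, emphasis markers removed.
SAMPLE_LOG = """\
Oct 31 12:45:00 hermes postfix/postscreen[7300]: CONNECT from [185.36.81.24]:58505 to [192.168.30.11]:25
Oct 31 12:45:00 hermes postfix/postscreen[7300]: BLACKLISTED [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/postscreen[7300]: PASS OLD [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: connect from unknown[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: lost connection after AUTH from unknown[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: disconnect from unknown[185.36.81.24] ehlo=1 auth=0/1 commands=1/2
"""

# postscreen events of interest, keyed by the client's [address]:port
PS_EVENT = re.compile(
    r"postscreen\[\d+\]: (?P<event>CONNECT|BLACKLISTED|PASS OLD|PASS NEW)\b"
    r".*?\[(?P<ip>[0-9A-Fa-f.:]+)\]:(?P<port>\d+)")
# smtpd session start; the leading "]: " keeps "disconnect from" from matching
SMTPD_CONNECT = re.compile(
    r"smtpd\[\d+\]: connect from [^\[\s]*\[(?P<ip>[^\]]+)\]")


def find_unenforced(log_text):
    """Return {ip: {"passed": n, "smtpd_connects": n}} for clients that were
    logged as BLACKLISTED and that postscreen nevertheless passed to smtpd."""
    flagged = set()   # (ip, port) sessions currently marked BLACKLISTED
    findings = {}
    for line in log_text.splitlines():
        m = PS_EVENT.search(line)
        if m:
            key = (m["ip"], m["port"])
            if m["event"] == "CONNECT":
                flagged.discard(key)          # new session, forget old state
            elif m["event"] == "BLACKLISTED":
                flagged.add(key)
            elif key in flagged:              # PASS OLD / PASS NEW after BLACKLISTED
                entry = findings.setdefault(
                    m["ip"], {"passed": 0, "smtpd_connects": 0})
                entry["passed"] += 1
            continue
        m = SMTPD_CONNECT.search(line)
        if m and m["ip"] in findings:
            findings[m["ip"]]["smtpd_connects"] += 1
    return findings


if __name__ == "__main__":
    for ip, counts in find_unenforced(SAMPLE_LOG).items():
        print(ip, counts)
```

A non-empty result means the access-list match is being logged but not acted on; the postscreen_blacklist_action setting, whose default is ignore, is what controls that.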