On Fri, Dec 13, 2019 at 11:03:49AM +0100, Claus R. Wickinghoff wrote:
Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD [45.146.203.135]:49121
Now it reconnects and with the cache entry it's calssified as "PASS OLD"
and got redirected to smtpd...
Dec 13 09:16:27 mole postfix/smtpd[1839]: 369B040088:
client=tremble.sckenz.com[45.146.203.135]
tremble.sckenz.com[45.146.203.135] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
...and delivers its spam.
If I check some blacklists now, I got hits:
LISTED Spamhaus ZEN 45.146.203.135 was listed 60 0
Ignore
On 13.12.19 11:30, Viktor Dukhovni wrote:
My advice would be to enable zen.spamhaus.org (or similar mainstream low
FP rate RBL) on a per-message basis in smtpd(8):
smtpd_client_restrictions =
permit_sasl_authenticated,
reject_rbl_client zen.spamhaus.org
The purpose of postscreen is to try to keep botnets from consuming all
your SMTP connection slots. You should have anti-spam measures in place
for the clients that get through.
I would avoid unduly short postscreen cache times, that can lead to
legitimate clients not getting through at all.
I'm not sure if that would help. Apparently, both postscreen and smtpd will
use the same nameserver for dnsbl lookup, and if it's cached from previous
postscreen lookup, it will probably give the same result.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
