[pfx] Re: postscreen and checking proper operation

Tue, 02 May 2023 05:46:21 -0700 

Alex via Postfix-users:
> Hi,
> 
> I have postscreen implemented on postfix-3.7.3 on fedora37, and not sure I
> understand if it's working properly. Sometimes I see the postscreen/dnsblog
> combination ending with a simple DISCONNECT. In this case, it met the
> 8-point threshold to be rejected, but appears to only received a DISCONNECT:
> 
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: CONNECT from
> [95.214.27.139]:50021 to [5.196.7.226]:25
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: PREGREET 11 after
> 0.01 from [95.214.27.139]:50021: EHLO User\r\n
> May  1 20:57:53 petra postfix-226/dnsblog[1105023]: addr 95.214.27.139
> listed by domain bl.mailspike.net as 127.0.0.2
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.2
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.9
> May  1 20:57:53 petra postfix-226/dnsblog[1105024]: addr 95.214.27.139
> listed by domain score.senderscore.com as 127.0.4.6
> May  1 20:57:53 petra postfix-226/dnsblog[1105025]: addr 95.214.27.139
> listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: DNSBL rank 23 for
> [95.214.27.139]:50021
> May  1 20:57:54 petra postfix-226/postscreen[1104961]: DISCONNECT
> [95.214.27.139]:50021

With postscreen_greet_action = enforce:

    server: 220-myhostname ESMTP
    client: EHLO User
    server: 550 5.5.1 Protocol error
    client disconnects immediately

> while other times I do see there is a NOQUEUE/reject involved:
> May  1 20:13:15 petra postfix-226/postscreen[1095132]: CONNECT from
> [185.146.23.43]:46126 to [5.196.7.226]:25
> May  1 20:13:15 petra postfix-226/dnsblog[1095229]: addr 185.146.23.43
> listed by domain score.senderscore.com as 127.0.4.89
> May  1 20:13:15 petra postfix-226/dnsblog[1095233]: addr 185.146.23.43
> listed by domain bb.barracudacentral.org as 127.0.0.2
> May  1 20:13:15 petra postfix-226/dnsblog[1095232]: addr 185.146.23.43
> listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
> May  1 20:13:21 petra postfix-226/postscreen[1095132]: DNSBL rank 13 for
> [185.146.23.43]:46124
> May  1 20:13:21 petra postfix-226/postscreen[1095132]: NOQUEUE: reject:
> RCPT from [185.146.23.43]:46124: 550 5.7.1 Service unavailable; client
> [185.146.23.43] blocked using DNS Blocklist (invaluement); from=<
> simon...@server.sito-wp.com>, to=<tina.pe...@example.com>, proto=ESMTP,
> helo=<server.sito-wp.com>

Here, the client passed the PREGREET test, but failed the DNSBL
check, and with "postscreen_dnsbl_action = enforce" was redirected
to the dummy SMTP engine.

It's working exactly as promised.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to