On Tue, 31 Jan 2012 06:17:39 -0600, Noel Jones <njo...@megan.vbhcs.org> wrote:
> You need to set both "postscreen_blacklist_action = drop" and > "soft_bounce = yes". The soft_bounce changes the 521 hangup into a > 421 hangup. Thank you Noel, If we wanted a mere 4.x.x hangup, it would be more elegant to set a single 'master_service_disable = inet' as Viktor Dukhovni pointed out. > Alternately, you can use "postscreen_blacklist_action = enforce" > with "soft_bounce = yes". This delays the 450 reject until the > client sends recipient information. The intention is neither to delay until some other event. The intention is to simply have postscreen immediately answer '450 Service currently unavailable' to all connections (friend or foe) that are presented to it. So, ideally: a) postscreen must answer. It is not enough to simply drop the connection as 421 does; b) it must the answer as it does at every first encounter with a new IP, i.e., with a '450 Service currently unavailable'. It did not imagine that it would be so difficult to configure postscreen/postfix to achieve such a simple specification. Thank you, M.
