On 2013-04-24 15:59, Tony Nelson wrote:
After reading through the recent Postscreen DNSBL threads I decided
to give it a try.

I used Rob's example from http://rob0.nodns4.us/postscreen.html [1]
as a leaping off point, but chose to leave pipelining disabled until
I'm sure I understand what I have going on.

I definitely see some mail coming in from the outside world being
passed through, and I also see some being blocked by various RBLs
which is great. I also see a few blocks that I can't identify the
reason for.

A specific example:

tnelson@njmail:/var/log$ grep i...@opulum.us mail.log
Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject:
RCPT from [142.11.233.149]:21725: 450 4.3.2 Service currently
unavailable; from=<i...@opulum.us>, to=<validu...@starpoint.com>,
proto=ESMTP, helo=<dsc149.opulum.us>

Service unavailable makes me think I have a problem with my config.
Digging a little further:

tnelson@njmail:/var/log$ grep 142.11.233.149 mail.log
Apr 24 09:46:15 njmail postfix/postscreen[8764]: CONNECT from
[142.11.233.149]:21725 to [192.168.6.66]:25
Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject:
RCPT from [142.11.233.149]:21725: 450 4.3.2 Service currently
unavailable; from=<i...@opulum.us>, to=<validu...@starpoint.com>,
proto=ESMTP, helo=<dsc149.opulum.us>
Apr 24 09:46:21 njmail postfix/postscreen[8764]: PASS NEW
[142.11.233.149]:21725
Apr 24 09:46:21 njmail postfix/postscreen[8764]: DISCONNECT
[142.11.233.149]:21725

Why is there a "PASS NEW" after the "NOQUEUE"? I'm obviously missing
something, but I can't figure out what.

Thanks for any help,
Tony Nelson

This is the config I've set up:

# config originally from http://rob0.nodns4.us/postscreen.html [1]
postscreen_access_list =
 permit_mynetworks,
 cidr:/etc/postfix/postscreen_access.cidr

postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop

postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
 pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre

postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
 zen.spamhaus.org*3
 b.barracudacentral.org*2
 bl.spameatingmonkey.net*2
 dnsbl.ahbl.org*2
 bl.spamcop.net
 dnsbl.sorbs.net
 psbl.surriel.com
 bl.mailspike.net
 swl.spamhaus.org*-4
 list.dnswl.org=127.[0..255].[0..255].0*-2
 list.dnswl.org=127.[0..255].[0..255].1*-3
 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4

postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes


Links:
------
[1] http://rob0.nodns4.us/postscreen.html
[2] http://dsc149.opulum.us
[3] http://zen.spamhaus.org
[4] http://b.barracudacentral.org
[5] http://bl.spameatingmonkey.net
[6] http://dnsbl.ahbl.org
[7] http://bl.spamcop.net
[8] http://dnsbl.sorbs.net
[9] http://psbl.surriel.com
[10] http://bl.mailspike.net
[11] http://swl.spamhaus.org
[12] http://list.dnswl.org


Tony,
in Rob's config example, have you SEEN this:


### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the
### following tests!
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
### ADDENDUM: Any one of the foregoing three *_enable settings may cause
### significant and annoying mail delays.


READ the postscreen howto, and understand what happens.
I would not recommend you to enable this.

marko
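
On the "PASS NEW" after "NOQUEUE" in the log above: as the Postfix POSTSCREEN_README describes, once the after-greeting tests (bare newline, non-SMTP command, pipelining) are enabled, postscreen cannot hand the live session to smtpd, so a client that passes is deferred with a 4xx reply and whitelisted for its next connection. The Python below is an added example, not part of either message or of Postfix; it separates that expected deferral from real DNSBL rejections, and its sample log is constructed (the thread's lines re-joined with addresses replaced, plus one invented DNSBL session).

```python
import re
from collections import defaultdict

# Constructed sample: the first session re-joins the wrapped log lines from the
# thread (addresses replaced); the second session is invented for contrast.
SAMPLE_LOG = """\
Apr 24 09:46:15 njmail postfix/postscreen[8764]: CONNECT from [142.11.233.149]:21725 to [192.168.6.66]:25
Apr 24 09:46:21 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from [142.11.233.149]:21725: 450 4.3.2 Service currently unavailable; from=<a@example.org>, to=<b@example.com>, proto=ESMTP, helo=<dsc149.opulum.us>
Apr 24 09:46:21 njmail postfix/postscreen[8764]: PASS NEW [142.11.233.149]:21725
Apr 24 09:46:21 njmail postfix/postscreen[8764]: DISCONNECT [142.11.233.149]:21725
Apr 24 09:50:02 njmail postfix/postscreen[8764]: CONNECT from [192.0.2.10]:40000 to [192.168.6.66]:25
Apr 24 09:50:08 njmail postfix/postscreen[8764]: DNSBL rank 5 for [192.0.2.10]:40000
Apr 24 09:50:09 njmail postfix/postscreen[8764]: NOQUEUE: reject: RCPT from [192.0.2.10]:40000: 550 5.7.1 Service unavailable; client [192.0.2.10] blocked using zen.spamhaus.org; from=<x@example.net>, to=<b@example.com>, proto=ESMTP, helo=<mail.example.net>
Apr 24 09:50:09 njmail postfix/postscreen[8764]: DISCONNECT [192.0.2.10]:40000
"""

EVENT = re.compile(
    r"postfix/postscreen\[\d+\]: (?P<ev>CONNECT from|NOQUEUE: reject: RCPT from|"
    r"PASS (?:NEW|OLD)|DNSBL rank \d+ for|DISCONNECT) "
    r"\[(?P<ip>[^\]]+)\]:(?P<port>\d+)(?P<rest>.*)"
)

def classify(log_text):
    """Map each (client ip, port) session to a verdict on its RCPT rejection."""
    sessions = defaultdict(lambda: {"code": "", "passed": False, "dnsbl": False})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = sessions[(m["ip"], m["port"])]
        if m["ev"].startswith("NOQUEUE"):
            code = re.match(r":\s*(\d{3}) ", m["rest"])
            s["code"] = code.group(1) if code else ""
        elif m["ev"].startswith("PASS"):
            s["passed"] = True
        elif m["ev"].startswith("DNSBL"):
            s["dnsbl"] = True
    verdicts = {}
    for key, s in sessions.items():
        if s["code"].startswith("4") and s["passed"]:
            # Client passed every test; the 4xx only tells it to reconnect.
            verdicts[key] = "passed tests, deferred: client must reconnect"
        elif s["code"] and s["dnsbl"]:
            verdicts[key] = "rejected: DNSBL threshold reached"
        else:
            verdicts[key] = "rejected: other" if s["code"] else "no rejection"
    return verdicts
```

Calling `classify()` on the text of mail.log gives one verdict per connection; sessions marked as deferred are the delays the ADDENDUM in Rob's config warns about.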
