Re: Postscreen blacklist - Service currently unavailable

Thu, 08 Mar 2018 14:40:15 -0800 

On 8 Mar 2018, at 0:59 (-0500), Maurizio Caloro wrote:


[Main.cf]

postscreen_blacklist_action = drop

postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access

postscreen_bare_newline_enable = yes
Remove this. See http://www.postfix.org/POSTSCREEN_README.html#after_220 for the details. 


postscreen_dnsbl_action = enforce

postscreen_dnsbl_sites =

   zen.spamhaus.org*3

   bl.mailspike.net*3

   b.barracudacentral.org*2

   bl.spameatingmonkey.net

   bl.spamcop.net

   spamtrap.trblspam.com
Remove this. That DNSBL has been dead for many years and using it is actively harmful. See https://www.dnsbl.com/2013/04/status-of-spamtraptrblspamcom-dead.html. 

[...]



[Mail.log]
Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out in=1443 out=219620
Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT from [IP]:45143 to [IP]:25
Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain list.dnswl.org as 127.0.3.0
Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain spamtrap.trblspam.com as 185.53.179.6
There's the damage: spamtrap.trblspam.com is "listing everything" because the domain vultures who now own trblspam.com have a wildcard A record under the zone. Because your configuration doesn't specify a reply code for spamtrap.trblspam.com listings or a score, you are giving everything a DNSBL point for no reason. 
[...]
Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=<form email>, to:<email>, proto=ESMTP, helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
"450" is a transient error, telling the sender to retry the message. This is necessary because postscreen cannot pass the connection to smtpd after it has sent the greeting banner and examined the EHLO command from the client. If the client reconnects within a reasonable period, it will bypass postscreen testing because it has already passed once and that fact is cached. 

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Reply via email to