On 8 Mar 2018, at 0:59 (-0500), Maurizio Caloro wrote:
[Main.cf]
postscreen_blacklist_action = drop
postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access
postscreen_bare_newline_enable = yes
Remove this. See http://www.postfix.org/POSTSCREEN_README.html#after_220
for the details.
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
zen.spamhaus.org*3
bl.mailspike.net*3
b.barracudacentral.org*2
bl.spameatingmonkey.net
bl.spamcop.net
spamtrap.trblspam.com
Remove this. That DNSBL has been dead for many years and using it is
actively harmful. See
https://www.dnsbl.com/2013/04/status-of-spamtraptrblspamcom-dead.html.
[...]
[Mail.log]
Mar 4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged
out in=1443 out=219620
Mar 4 22:00:13 mail postfix/postscreen[1050]: CONNECT from
[IP]:45143 to [IP]:25
Mar 4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by
domain list.dnswl.org as 127.0.3.0
Mar 4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain
spamtrap.trblspam.com as 185.53.179.6
There's the damage: spamtrap.trblspam.com is "listing everything"
because the domain vultures who now own trblspam.com have a wildcard A
record under the zone. Because your configuration doesn't specify a
reply code for spamtrap.trblspam.com listings or a score, you are giving
everything a DNSBL point for no reason.
[...]
Mar 4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT
from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable;
from=<form email>, to:<email>, proto=ESMTP,
helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
"450" is a transient error, telling the sender to retry the message.
This is necessary because postscreen cannot pass the connection to smtpd
after it has sent the greeting banner and examined the EHLO command from
the client. If the client reconnects within a reasonable period, it will
bypass postscreen testing because it has already passed once and that
fact is cached.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole