[pfx] DNSBL rank log messages after HANGUP

Wed, 06 Mar 2024 18:07:29 -0800 


Today I noticed that, occasionally, I see a syslog message stating "blocked 
using zen.spamhaus..." but no matching "DNSBL rank ..." message. 

A couple of examples from the past two days:

postfix/postscreen 84893 - - CONNECT from [43.157.61.211]:30092 to 
[192.168.11.2]:25
postfix/dnsblog 84894 - - addr 43.157.61.211 listed by domain zen.spamhaus.org 
as 127.0.0.11
postfix/postscreen 84893 - - HANGUP after 3.2 from [43.157.61.211]:30092 in 
tests before SMTP handshake
postfix/postscreen 84893 - - DISCONNECT [43.157.61.211]:30092

postfix/postscreen 1274 - - CONNECT from [45.83.66.127]:42402 to 
[192.168.11.2]:25
postfix/dnsblog 1276 - - addr 45.83.66.127 listed by domain zen.spamhaus.org as 
127.0.0.11
postfix/postscreen 1274 - - HANGUP after 5.3 from [45.83.66.127]:42402 in tests 
before SMTP handshake
postfix/postscreen 1274 - - DISCONNECT [45.83.66.127]:42402

postfix/postscreen 1292 - - CONNECT from [64.62.197.225]:56707 to 
[192.168.11.2]:25
postfix/dnsblog 1294 - - addr 64.62.197.225 listed by domain zen.spamhaus.org 
as 127.0.0.4
postfix/postscreen 1292 - - HANGUP after 4.5 from [64.62.197.225]:56707 in 
tests before SMTP handshake
postfix/postscreen 1292 - - DISCONNECT [64.62.197.225]:56707

My postscreen_dnsbl_* settings are:

postscreen_dnsbl_action = enforce
postscreen_dnsbl_allowlist_threshold = -1
postscreen_dnsbl_sites = zen.spamhaus.org*2, list.dnswl.org*-6
postscreen_dnsbl_threshold = 2

Some other syslog records do have the DNSBL rank.  For example:

postfix/postscreen 86907 - - CONNECT from [185.242.226.22]:49012 to 
[192.168.11.2]:25
postfix/dnsblog 86910 - - addr 185.242.226.22 listed by domain zen.spamhaus.org 
as 127.0.0.3
postfix/postscreen 86907 - - DNSBL rank 2 for [185.242.226.22]:49012
postfix/postscreen 86907 - - HANGUP after 0.8 from [185.242.226.22]:49012 in 
tests after SMTP handshake
postfix/postscreen 86907 - - DISCONNECT [185.242.226.22]:49012
 
My syslogd (and system as a whole) is far from busy.  

Postfix 3.8.4 on FreeBSD 13.2-RELEASE-p8
-- 
Cheers,
Phil

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to