Postscreen blacklist - Service currently unavailable

Postscreen blacklist - Service currently unavailable

Maurizio Caloro-2

Hello all,

I will download the banned blacklist IPs from the Internet and add them to my Postfix with Postscreen.

After I checked the Postscreen config, I have the following configuration.

The strange thing is that I get this message from Mail.log.

No matter where I send the email to my domain from, this error appears:

- 450 4.3.2 Service currently unavailable

 

Postmap /etc/postfix/access

 

[Main.cf]

postscreen_blacklist_action = drop
postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access
postscreen_bare_newline_enable = yes
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
   zen.spamhaus.org*3
   bl.mailspike.net*3
   b.barracudacentral.org*2
   bl.spameatingmonkey.net
   bl.spamcop.net
   spamtrap.trblspam.com
   ## dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
   ix.dnsbl.manitu.net
   bl.blocklist.de
   list.dnswl.org=127.0.[0..255].0*-1
   list.dnswl.org=127.0.[0..255].1*-2
   list.dnswl.org=127.0.[0..255].[2..3]*-3
   list.dnswl.org=127.0.[0..255].3*-8
   zen.spamhaus.org=127.0.0.9*25
   zen.spamhaus.org=127.0.0.3*10
   zen.spamhaus.org=127.0.0.2*5
   zen.spamhaus.org=127.0.0.[4..7]*3
   zen.spamhaus.org=127.0.0.[10..11]*3
   swl.spamhaus.org*-10
   iadb.isipp.com=127.0.[0..255].[0..255]*-2
   iadb.isipp.com=127.3.100.[6..200]*-2
   bl.mailspike.net=127.0.0.2*10
   bl.mailspike.net=127.0.0.10*5
   bl.mailspike.net=127.0.0.11*4
   bl.mailspike.net=127.0.0.12*3
   bl.mailspike.net=127.0.0.13*2
   bl.mailspike.net=127.0.0.14*1
   wl.mailspike.net=127.0.0.16*-2
   wl.mailspike.net=127.0.0.17*-4
   wl.mailspike.net=127.0.0.18*-6
   wl.mailspike.net=127.0.0.19*-8
   wl.mailspike.net=127.0.0.20*-10
   backscatter.spameatingmonkey.net*2
   bl.ipv6.spameatingmonkey.net*2
   bl.spameatingmonkey.net*2
   ix.dnsbl.manitu.net*2
   bl.spamcop.net*2
   db.wpbl.info*2
   psbl.surriel.com*2
   torexit.dan.me.uk*2

 

[Master.cf]

#smtp      inet  n       -       n       -       -       smtpd
                -o content_filter=spamassassin
smtp      inet  n       -       -       -       1       postscreen
                -o content_filter=spamassassin
smtpd     pass  -       -       -       -       -       smtpd
dnsblog   unix  -       -       -       -       0       dnsblog
tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o content_filter=spamassassin
....

 

[Mail.log]

Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out in=1443 out=219620
Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT from [IP]:45143 to [IP]:25
Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain list.dnswl.org as 127.0.3.0
Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain spamtrap.trblspam.com as 185.53.179.6
Mar  4 22:00:13 mail postfix/dnsblog[1077]: addr IP listed by domain wl.mailspike.net as 127.0.0.20
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: CONNECT from [IP]:45143
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: Anonymous TLS connection established from [IP]:45143: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=<form email>, to:<email>, proto=ESMTP, helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: DISCONNECT [IP]:45143
Mar  4 22:00:19 mail postfix/postscreen[1050]: HANGUP after 0.16 from [IP]:45143 in tests after SMTP handshake
Mar  4 22:00:19 mail postfix/postscreen[1050]: PASS NEW [IP]:45143
Mar  4 22:00:19 mail postfix/postscreen[1050]: DISCONNECT [IP]:45143

 

Postfix Version mail_version = 2.11.3

 


Re: Postscreen blacklist - Service currently unavailable

Bill Cole-3
On 8 Mar 2018, at 0:59 (-0500), Maurizio Caloro wrote:

> [Main.cf]
>
> postscreen_blacklist_action = drop
>
> postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access
>
> postscreen_bare_newline_enable = yes

Remove this. See http://www.postfix.org/POSTSCREEN_README.html#after_220 
for the details.

> postscreen_dnsbl_action = enforce
>
> postscreen_dnsbl_sites =
>
>    zen.spamhaus.org*3
>
>    bl.mailspike.net*3
>
>    b.barracudacentral.org*2
>
>    bl.spameatingmonkey.net
>
>    bl.spamcop.net
>
>    spamtrap.trblspam.com

Remove this. That DNSBL has been dead for many years and using it is
actively harmful. See
https://www.dnsbl.com/2013/04/status-of-spamtraptrblspamcom-dead.html.

[...]


> [Mail.log]
>
> Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged
> out in=1443 out=219620
>
> Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT from
> [IP]:45143 to [IP]:25
>
> Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by
> domain list.dnswl.org as 127.0.3.0
>
> Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain
> spamtrap.trblspam.com as 185.53.179.6

There's the damage: spamtrap.trblspam.com is "listing everything"
because the domain vultures who now own trblspam.com have a wildcard A
record under the zone. Because your configuration doesn't specify a
reply code for spamtrap.trblspam.com listings or a score, you are giving
everything a DNSBL point for no reason.
[...]

> Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT
> from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable;
> from=<form email>, to:<email>, proto=ESMTP,
> helo=<EUR02-VE1-obe.outbound.protection.outlook.com>

"450" is a transient error, telling the sender to retry the message.
This is necessary because postscreen cannot pass the connection to smtpd
after it has sent the greeting banner and examined the EHLO command from
the client. If the client reconnects within a reasonable period, it will
bypass postscreen testing because it has already passed once and that
fact is cached.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
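
Added example (not part of either post, and not Postfix code): a small Python model of how postscreen adds up DNSBL weights, run against the replies in the posted log, to show how an entry with no reply filter turns a wildcard answer into a point. The SITES subset, the helper names, the constructed UNLISTED client and the default postscreen_dnsbl_threshold of 1 are assumptions of this sketch.

```python
import re

# Constructed subset of the postscreen_dnsbl_sites value from the first post.
SITES = """
zen.spamhaus.org*3
spamtrap.trblspam.com
list.dnswl.org=127.0.[0..255].0*-1
wl.mailspike.net=127.0.0.20*-10
"""
THRESHOLD = 1  # Postfix default for postscreen_dnsbl_threshold (assumed unchanged)

def parse_sites(text):
    """Split 'domain[=filter][*weight]' entries into (domain, filter, weight)."""
    out = []
    for tok in text.replace(",", " ").split():
        m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", tok)
        out.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return out

def octet_ok(pat, value):
    """Match one octet against a number or a [a;b..c] pattern."""
    if not pat.startswith("["):
        return int(pat) == value
    for part in pat[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def matches(flt, addr):
    if flt is None:  # no "=filter": any A record at all counts as listed
        return True
    pats = re.findall(r"\[[^\]]*\]|\d+", flt)
    return all(octet_ok(p, int(o)) for p, o in zip(pats, addr.split(".")))

def score(entries, replies):
    """replies maps DNSBL domain -> A record, as dnsblog logs it."""
    return sum(w for d, f, w in entries if d in replies and matches(f, replies[d]))

def suspicious(entries, replies):
    """Unfiltered entries answered from outside the conventional 127.0.0.0/8."""
    return sorted({d for d, f, _ in entries
                   if f is None and d in replies
                   and not replies[d].startswith("127.")})

ENTRIES = parse_sites(SITES)
LOGGED = {"list.dnswl.org": "127.0.3.0", "wl.mailspike.net": "127.0.0.20",
          "spamtrap.trblspam.com": "185.53.179.6"}  # replies from the posted log
UNLISTED = {"spamtrap.trblspam.com": "185.53.179.6"}  # constructed: wildcard only
```

The logged client is carried by its whitelist weights, but a client that appears on no list at all reaches the threshold from the wildcard answer alone; `suspicious()` flags the entry responsible.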