WG: Reject but styl connection established

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

WG: Reject but styl connection established

Maurizio Caloro-2

Hello

I have have create any acceslist to deny, but if  check me situation this will conntecd successfuly to me maschine

But i think this way need to negotiat, but styl not working correct, thanks for any help !

 

Regard

Mauri

 

Postfix 2.11.3

 

# cat /etc/postfix/access | grep 103.233.193.106

103.233.193.106                                                REJECT

103.233.193.106                                                 REJECT

181.49.176.106                                                 REJECT

103.233.193.106                                                 REJECT

 

 

# cat mail.log

Mar  1 00:18:08 mail postfix/smtpd [2178]: connect from server1.hostict.com[103.233.193.106]

Anonymous TLS connection established from smtp.elcolombiano.com.co[181.49.176.106]

Anonymous TLS connection established from server1.hostict.com[103.233.193.106]

Anonymous TLS connection established from 34725.simplecloud.ru[85.143.218.134]

 

[main.cf]

smtpd_sender_restrictions = permit_mynetworks,

        ## reject_sender_login_mismatch,

        check_client_access hash:/etc/postfix/access,

        check_sender_access hash:/etc/postfix/access,

 

smtpd_recipient_restrictions = permit_mynetworks,

        check_client_access hash:/etc/postfix/access,

        check_recipient_access hash:/etc/postfix/access,

….

 

Reply | Threaded
Open this post in threaded view
|

Re: WG: Reject but styl connection established

Christian Kivalo


On March 1, 2018 6:42:17 AM GMT+01:00, Maurizio Caloro <[hidden email]> wrote:

>Hello
>
>I have have create any acceslist to deny, but if  check me situation
>this
>will conntecd successfuly to me maschine
>
>But i think this way need to negotiat, but styl not working correct,
>thanks
>for any help !
>
>
>
>Regard
>
>Mauri
>
>
>
>Postfix 2.11.3
>
>
>
># cat /etc/postfix/access | grep 103.233.193.106
>
>103.233.193.106                                                REJECT
>
>103.233.193.106                                                 REJECT
>
>181.49.176.106                                                 REJECT
>
>103.233.193.106                                                 REJECT
>
>
>
>
>
># cat mail.log
>
>Mar  1 00:18:08 mail postfix/smtpd [2178]: connect from
>server1.hostict.com[103.233.193.106]
>
>Anonymous TLS connection established from
>smtp.elcolombiano.com.co[181.49.176.106]
>
>Anonymous TLS connection established from
>server1.hostict.com[103.233.193.106]
>
>Anonymous TLS connection established from
>34725.simplecloud.ru[85.143.218.134]
>
>
>
>[main.cf]
>
>smtpd_sender_restrictions = permit_mynetworks,
>
>        ## reject_sender_login_mismatch,
>
>        check_client_access hash:/etc/postfix/access,
>
>        check_sender_access hash:/etc/postfix/access,
>
>  
>
>smtpd_recipient_restrictions = permit_mynetworks,
>
>        check_client_access hash:/etc/postfix/access,
>
>        check_recipient_access hash:/etc/postfix/access,
>
>..
You did postmap /etc/postfix/access file after adding the IP?

--
Christian Kivalo
Reply | Threaded
Open this post in threaded view
|

Re: Reject but styl connection established

Viktor Dukhovni
In reply to this post by Maurizio Caloro-2


> On Mar 1, 2018, at 12:42 AM, Maurizio Caloro <[hidden email]> wrote:
>
> I have have create any acceslist to deny, but if  check me situation this will
> conntecd successfuly to me maschine

Postfix access lists control email delivery not connection
establishment.  To control connection establishment use a
firewall.  You can also prevent unwanted clients from
reaching the smtpd(8) service via postscreen(8) blacklists.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

AW: Reject but styl connection established

Maurizio Caloro-2
Thanks for your fast answer, and sorry for my late reply Ok after reading
and configure me mailserver with postscreen i have the following situation
when i send any mail.

[Main.cf]
postscreen_blacklist_action = drop
postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access

[Master.cf]
## smtp      inet  n       -       n       -       -       smtpd
        -o content_filter=spamassassin
smtp      inet  n       -       -       -       1       postscreen
        -o content_filter=spamassassin
smtpd     pass  -       -       -       -       -       smtpd
dnsblog   unix  -       -       -       -       0       dnsblog
tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o content_filter=spamassassin
....

"450 4.3.2 Service currently unavailable" ??

[Mail.log]
Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out
in=1443 out=219620 Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT
from [IP]:45143 to [IP]:25
Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain
list.dnswl.org as 127.0.3.0 Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr
IP listed by domain spamtrap.trblspam.com as 185.53.179.6 Mar  4 22:00:13
mail postfix/dnsblog[1077]: addr IP listed by domain wl.mailspike.net as
127.0.0.20
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: CONNECT from [IP]:45143 Mar  4
22:00:19 mail postfix/tlsproxy[1061]: Anonymous TLS connection established
from [IP]:45143: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from
[40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=<form
email>, to:<email>, proto=ESMTP,
helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: DISCONNECT [IP]:45143 Mar  4
22:00:19 mail postfix/postscreen[1050]: HANGUP after 0.16 from [IP]:45143 in
tests after SMTP handshake
Mar  4 22:00:19 mail postfix/postscreen[1050]: PASS NEW [IP]:45143
Mar  4 22:00:19 mail postfix/postscreen[1050]: DISCONNECT [IP]:45143

Equal from where i send the email to my domain this error will be appair.

--

> On Mar 1, 2018, at 12:42 AM, Maurizio Caloro <m@c> wrote:
>
> I have have create any acceslist to deny, but if  check me situation
> this will conntecd successfuly to me maschine

Postfix access lists control email delivery not connection establishment.
To control connection establishment use a firewall.  You can also prevent
unwanted clients from reaching the smtpd(8) service via postscreen(8)
blacklists.

--
        Viktor.