postscreen pregreet still testing dnsbl

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

postscreen pregreet still testing dnsbl

Benny Pedersen-2

will it not make sense to not drop dnsbl rbl when its a pregreet ip that
are dropped ?

i see postfix doing rbl test even for pregreet users trying, is this
just using cache results ?

Apr 21 11:21:10 localhost postfix/postscreen[27441]: CONNECT from
[49.76.12.130]:53055 to [176.58.121.172]:25
Apr 21 11:21:10 localhost postfix/dnsblog[27442]: addr 49.76.12.130
listed by domain zen.spamhaus.org as 127.0.0.11
Apr 21 11:21:10 localhost postfix/dnsblog[27442]: addr 49.76.12.130
listed by domain zen.spamhaus.org as 127.0.0.4
Apr 21 11:21:10 localhost postfix/postscreen[27441]: PREGREET 16 after
0.3 from [49.76.12.130]:53055: EHLO lj5yJxNn4\r\n
Apr 21 11:21:10 localhost postfix/postscreen[27441]: DNSBL rank 7 for
[49.76.12.130]:53055
Apr 21 11:21:11 localhost postfix/postscreen[27441]: HANGUP after 0.6
from [49.76.12.130]:53055 in tests after SMTP handshake
Apr 21 11:21:11 localhost postfix/postscreen[27441]: DISCONNECT
[49.76.12.130]:53055
Reply | Threaded
Open this post in threaded view
|

Re: postscreen pregreet still testing dnsbl

Matus UHLAR - fantomas
On 21.04.19 14:40, Benny Pedersen wrote:
>will it not make sense to not drop dnsbl rbl when its a pregreet ip
>that are dropped ?

only if you want to add another unnecessary delay at SMTP greering time.

>i see postfix doing rbl test even for pregreet users trying, is this
>just using cache results ?

if the results are in cache, yes.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
Reply | Threaded
Open this post in threaded view
|

Re: postscreen pregreet still testing dnsbl

Wietse Venema
In reply to this post by Benny Pedersen-2
Benny Pedersen:
>
> will it not make sense to not drop dnsbl rbl when its a pregreet ip that
> are dropped ?

The DNSBL/WL lookups start BEFORE the pregreet test, and as shown
in your example, the DNSBL/WL lookups usually complete before the
client pregreets.

Since the DNS resolver (which not part of Postfix) is looking up
the DNSBL/WL information anyway, it would be wasteful for Postfix
not to log the result. The result is useful to determine if pregreet
tests block any clients that aren't already blocked by DNSBL. On
my system, that's about 3% of all pregreet clients, and about 5%
of pregreet client connections.

postscreen does not cache failed tests. That keeps most of the
pregreeters out of the postscreen cache.

        Wietse

> Apr 21 11:21:10 localhost postfix/postscreen[27441]: CONNECT from
> [49.76.12.130]:53055 to [176.58.121.172]:25
> Apr 21 11:21:10 localhost postfix/dnsblog[27442]: addr 49.76.12.130
> listed by domain zen.spamhaus.org as 127.0.0.11
> Apr 21 11:21:10 localhost postfix/dnsblog[27442]: addr 49.76.12.130
> listed by domain zen.spamhaus.org as 127.0.0.4
> Apr 21 11:21:10 localhost postfix/postscreen[27441]: PREGREET 16 after
> 0.3 from [49.76.12.130]:53055: EHLO lj5yJxNn4\r\n
> Apr 21 11:21:10 localhost postfix/postscreen[27441]: DNSBL rank 7 for
> [49.76.12.130]:53055
> Apr 21 11:21:11 localhost postfix/postscreen[27441]: HANGUP after 0.6
> from [49.76.12.130]:53055 in tests after SMTP handshake
> Apr 21 11:21:11 localhost postfix/postscreen[27441]: DISCONNECT
> [49.76.12.130]:53055