[SOLVED] No statistic for DNSBLOG

[comfreak]

Hello,

I am referring to this thread: https://forum.proxmox.com/threads/postscreen-statistics-are-no-longer-displayed.85995/

I am having the same issue. As soon as I enabled DNSBL sites under "Mail Proxy" => "Options", no statistic regarding postscreen is generated anymore. Also, there is no specific statistic for DNSBL in PMG.

Mar 27 17:05:56 pmg postfix/2525/postscreen[12000]: CONNECT from [212.192.246.179]:59126 to [<censored>]:25
Mar 27 17:05:56 pmg postfix/dnsblog[12014]: addr 212.192.246.179 listed by domain dnsbl-2.uceprotect.net as 127.0.0.2
Mar 27 17:05:56 pmg postfix/dnsblog[12003]: addr 212.192.246.179 listed by domain spam.spamrats.com as 127.0.0.38
Mar 27 17:05:56 pmg postfix/dnsblog[12023]: addr 212.192.246.179 listed by domain dnsbl-3.uceprotect.net as 127.0.0.2
Mar 27 17:05:56 pmg postfix/dnsblog[12009]: addr 212.192.246.179 listed by domain zen.spamhaus.org as 127.0.0.4
Mar 27 17:05:56 pmg postfix/2525/postscreen[12000]: PREGREET 11 after 0.04 from [212.192.246.179]:59126: EHLO User\r\n
Mar 27 17:05:56 pmg postfix/2525/postscreen[12000]: DNSBL rank 6 for [212.192.246.179]:59126
Mar 27 17:05:56 pmg postfix/2525/postscreen[12000]: DISCONNECT [212.192.246.179]:59126

Yes journalctl -o json --output-fields '__CURSOR,MESSAGE' --no-pager --identifier 'postfix/postscreen' -n 5000 gives output, but only until I enabled DNSBLs!

The 'pmgpolicy' daemon is enabled and running.

Any hints?

 

[Stoiko Ivanov]

I am having the same issue. As soon as I enabled DNSBL sites under "Mail Proxy" => "Options", no statistic regarding postscreen is generated anymore.

anything else in the journal regarding postfix after restarting it?
(could it be that the DNSBL don't work because they lead to an incorrect config setting)?

 

[comfreak]

anything else in the journal regarding postfix after restarting it?

Like this?

root@pmg:~# journalctl -o json --output-fields '__CURSOR,MESSAGE' --no-pager --identifier 'postfix/postscreen' -n 5000 | grep postfix
{"_BOOT_ID":"3989ea48e4534ab3b76c9cdb96e43386","__CURSOR":"s=46ec845eea834448b49f453451ae5c5e;i=2d8;b=3989ea48e4534ab3b76c9cdb96e43386;m=2e067947354;t=5db27effde347;x=72836a4e8b6a0fc3","__MONOTONIC_TIMESTAMP":"3162833711956","__REALTIME_TIMESTAMP":"1648339460154183","MESSAGE":"cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=0 dropped=0 entries"}

RBL before activation of DNSBL in March:


After activation in April:

 

[Stoiko Ivanov]

Like this?

no - rather the complete journal since boot - `journalctl -b' (attach as text-file)
but from the output you shared it looks as if postscreen is simply not running (which might indicate indeed a misconfiguration of the DNSBL setting)
please also share the dnsbl_sites line from your /etc/pmg/pmg.conf

 

[comfreak]

I think postscreen is running as I have entries in the journalctl.

dnsbl_sites zen.spamhaus.org*3,bl.mailspike.net*3,ix.dnsbl.manitu.net*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,dnsbl-1.uceprotect.net*2,b.barracudacentral.org*2,dnsbl.sorbs.net*2,spam.dnsbl.anonmails.de*2,dnsbl-2.uceprotect.net,spam.dnsbl.anonmails.de,truncate.gbudb.net,bl.blocklist.de,rbl.abuse.ro,dnsbl.cobion.com,spam.spamrats.com,noptr.spamrats.com,rbl.interserver.net,truncate.gbudb.net,dnsbl.zapbl.net,nsbl.dronebl.org,ips.backscatterer.org,ips.whitelisted.org*-3,list.dnswl.org*-3,rbl.ircbl.org,fulldom.rfc-clueless.org,postmaster.rfc-clueless.org,dnsbl.spfbl.net,iprbl.mailcleaner.net,<apikey>.combined.mail.abusix.zone*3

edit: apikey from abusix removed.

 

[Stoiko Ivanov]

hmm - any modifications to the default config on your system?

asking because of the following line:

Apr 07 21:10:02 pmg postfix/2525/postscreen[473]: CONNECT from [...

the 2525 in postfix/2525/postscreen seems unusual (and might explain why nothing shows up in the statistics...

 

[comfreak]

yeaahhhh....that could be the issue... I am receiving the smtp connections via a haproxy because I am on a CGNAT with IPv6 and I had to change the template of the master.cf so that postfix/postscreen accepts connections via haproxy (pmg connects to a IPv4 server in the cloud via VPN)

2525       inet  n -       -       -       1 postscreen
  -o postscreen_upstream_proxy_protocol=haproxy
  -o postscreen_cache_map=btree:$data_directory/postscreen_2525_cache
  -o syslog_name=postfix/2525

If you say that this is potentially the issue, that forget it - I will live with it as I know that this is probably a quite special configuration.

However, if you have a quick solution for it, I would try it as I am not sure how the graph is with which data is generated...

 

[Stoiko Ivanov]

-o syslog_name=postfix/2525

you could try removing this line? (and running `pmgconfig sync -restart 1`)

I hope this helps!

 

[comfreak]

Yep, that did the trick!

I copied the lines for the haproxy somewhere from the internet and added that syslong_name line from there, too. Totally my mistake and appreciate your help, thank you!

 

[Stoiko Ivanov]

Yep, that did the trick!

I copied the lines for the haproxy somewhere from the internet and added that syslong_name line from there, too. Totally my mistake and appreciate your help, thank you!

Glad to read that we found the issue and you resolved it