postscreen randomly ignores blacklisted IP

hata.ph

New Member
May 9, 2019
Hi all,

I have set up postscreen to use zen.spamhaus.org to reduce spam mail. It works, but I notice postscreen will randomly ignore a few blacklisted IPs. I am not sure what the problem is. Maybe someone can help. Thanks.

Below are the postconf -n output and the log showing that the blacklisted IP is ignored.

Code:
root@pmg:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
best_mx_transport = local
biff = no
command_directory = /usr/sbin
compatibility_level = 2
content_filter = scan:127.0.0.1:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
default_destination_concurrency_limit = 40
delay_warning_time = 4h
lmtp_destination_concurrency_limit = 20
mail_name = Proxmox
mailbox_size_limit = 51200000
message_size_limit = 15728640
mydestination = localhost, $myhostname
mydomain = example.com
myhostname = pmg.example
mynetworks = 127.0.0.0/8 [::1]/128
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org
postscreen_dnsbl_threshold = 1
postscreen_greet_action = enforce
recipient_delimiter = +
relay_destination_concurrency_limit = 20
relay_domains = hash:/etc/pmg/domains
relay_transport = smtp:192.168.xx.xx:25
smtp_destination_concurrency_limit = 20
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP Proxmox
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_message_rate_limit = 0
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient check_recipient_access regexp:/etc/postfix/rcptaccess check_sender_access regexp:/etc/postfix/senderaccess check_client_access cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022
smtpd_sender_restrictions = permit_mynetworks reject_non_fqdn_sender check_client_access cidr:/etc/postfix/clientaccess check_sender_access regexp:/etc/postfix/senderaccess check_recipient_access regexp:/etc/postfix/rcptaccess
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
transport_maps = hash:/etc/pmg/transport
unverified_recipient_reject_reason = Recipient address lookup failed
virtual_destination_concurrency_limit = 20

Code:
root@pmg:~# less /var/log/mail.log | grep 194.62.55.50
May  9 23:03:45 pmg postfix/postscreen[9814]: CONNECT from [194.62.55.50]:50991 to [192.168.40.106]:26
May  9 23:03:51 pmg postfix/postscreen[9814]: PASS NEW [194.62.55.50]:50991
May  9 23:03:51 pmg postfix/smtpd[9931]: warning: hostname 50.55.62.194.in-addr.arpa.routergate.com does not resolve to address 194.62.55.50: Name or service not known
May  9 23:03:51 pmg postfix/smtpd[9931]: connect from unknown[194.62.55.50]
May  9 23:03:54 pmg postfix/smtpd[9931]: AB1EC20462: client=unknown[194.62.55.50]
May  9 23:03:58 pmg postfix/smtpd[9931]: 268EA22F74: client=unknown[194.62.55.50]
May  9 23:04:01 pmg postfix/smtpd[9900]: D83DA22F88: client=localhost.localdomain[127.0.0.1], orig_client=unknown[194.62.55.50]
May  9 23:04:19 pmg postfix/smtpd[9900]: A367C22F73: client=localhost.localdomain[127.0.0.1], orig_client=unknown[194.62.55.50]
May  9 23:04:19 pmg postfix/smtpd[9931]: D1F6620462: client=unknown[194.62.55.50]
May  9 23:04:20 pmg postfix/postscreen[9814]: CONNECT from [194.62.55.50]:26367 to [192.168.40.106]:26
May  9 23:04:20 pmg postfix/postscreen[9814]: PASS OLD [194.62.55.50]:26367
May  9 23:04:20 pmg postfix/smtpd[9816]: warning: hostname 50.55.62.194.in-addr.arpa.routergate.com does not resolve to address 194.62.55.50: Name or service not known
May  9 23:04:20 pmg postfix/smtpd[9816]: connect from unknown[194.62.55.50]
May  9 23:04:20 pmg postfix/smtpd[9816]: BE7FD2225C: client=unknown[194.62.55.50]
May  9 23:04:21 pmg postfix/smtpd[9816]: disconnect from unknown[194.62.55.50] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May  9 23:04:22 pmg postfix/smtpd[9900]: 71C5922F88: client=localhost.localdomain[127.0.0.1], orig_client=unknown[194.62.55.50]
May  9 23:04:39 pmg postfix/smtpd[9931]: disconnect from unknown[194.62.55.50] ehlo=1 mail=3 rcpt=3 data=3 quit=1 commands=11
May  9 23:04:40 pmg postfix/smtpd[9900]: CD2E722F74: client=localhost.localdomain[127.0.0.1], orig_client=unknown[194.62.55.50]
May  9 23:05:05 pmg postfix/postscreen[9814]: CONNECT from [194.62.55.50]:62816 to [192.168.40.106]:26
May  9 23:05:05 pmg postfix/postscreen[9814]: PASS OLD [194.62.55.50]:62816
May  9 23:05:05 pmg postfix/smtpd[9816]: warning: hostname 50.55.62.194.in-addr.arpa.routergate.com does not resolve to address 194.62.55.50: Name or service not known
May  9 23:05:05 pmg postfix/smtpd[9816]: connect from unknown[194.62.55.50]
May  9 23:05:06 pmg postfix/smtpd[9816]: 0A80420462: client=unknown[194.62.55.50]
May  9 23:05:20 pmg postfix/smtpd[9816]: disconnect from unknown[194.62.55.50] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May  9 23:05:51 pmg postfix/postscreen[9814]: CONNECT from [194.62.55.50]:12198 to [192.168.40.106]:26
May  9 23:05:51 pmg postfix/postscreen[9814]: PASS OLD [194.62.55.50]:12198
May  9 23:05:51 pmg postfix/smtpd[9931]: warning: hostname 50.55.62.194.in-addr.arpa.routergate.com does not resolve to address 194.62.55.50: Name or service not known
May  9 23:05:51 pmg postfix/smtpd[9931]: connect from unknown[194.62.55.50]
May  9 23:05:52 pmg postfix/smtpd[9931]: 3C13320462: client=unknown[194.62.55.50]
May  9 23:05:54 pmg postfix/smtpd[9900]: 0A5DA22F74: client=localhost.localdomain[127.0.0.1], orig_client=unknown[194.62.55.50]
May  9 23:06:00 pmg postfix/smtpd[9931]: disconnect from unknown[194.62.55.50] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May  9 23:07:48 pmg postfix/anvil[9619]: statistics: max connection count 2 for (smtpd:194.62.55.50) at May  9 23:04:20
 
I just checked that IP on 2 rbl lookup sites http://www.anti-abuse.org/ and http://multirbl.valli.org . It's listed with one, but not with the other.

* The log you posted only shows that this address is passed by postscreen (I would guess that when postscreen asked the DNS-resolver for the rbl-entry of that ip at spamhaus, it was not listed). - Did it ever block this ip?
* Caching of these lookups happens on multiple levels (otherwise even more dns-lookups would be needed than right now)
* DNS-entries are cached by the recursors after getting an answer from spamhaus (for at least 15 minutes - depending on the configuration, for longer)
* Postscreen has also a cache and uses it (see http://www.postfix.org/POSTSCREEN_README.html)


hope this helps!
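
One way to tell these cases apart when reading mail.log is to group lines per client into fresh postscreen decisions (PASS NEW, DNSBL rank), cache hits (PASS OLD) and smtpd connections that have no postscreen verdict at all. This is an added example, not part of the original post: the sample log is constructed with documentation addresses, and `classify` and the finding labels are made-up names.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mail.log excerpts above
# (documentation addresses, not real senders).
SAMPLE_LOG = """\
May  9 23:03:45 pmg postfix/postscreen[9814]: CONNECT from [192.0.2.10]:50991 to [198.51.100.1]:25
May  9 23:03:51 pmg postfix/postscreen[9814]: PASS NEW [192.0.2.10]:50991
May  9 23:03:51 pmg postfix/smtpd[9931]: connect from unknown[192.0.2.10]
May  9 23:04:20 pmg postfix/postscreen[9814]: CONNECT from [192.0.2.10]:26367 to [198.51.100.1]:25
May  9 23:04:20 pmg postfix/postscreen[9814]: PASS OLD [192.0.2.10]:26367
May  9 23:04:20 pmg postfix/smtpd[9816]: connect from unknown[192.0.2.10]
May  9 23:05:00 pmg postfix/postscreen[9814]: CONNECT from [192.0.2.20]:40000 to [198.51.100.1]:25
May  9 23:05:00 pmg postfix/postscreen[9814]: DNSBL rank 2 for [192.0.2.20]:40000
May  9 23:06:00 pmg postfix/smtpd[9931]: connect from unknown[192.0.2.30]
May  9 23:07:00 pmg postfix/postscreen[9814]: PASS OLD [192.0.2.40]:41000
May  9 23:07:00 pmg postfix/smtpd[9931]: connect from unknown[192.0.2.40]
May  9 23:07:05 pmg postfix/smtpd[9900]: connect from localhost.localdomain[127.0.0.1]
"""

# postscreen verdict lines as described in POSTSCREEN_README.
VERDICT = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(?:(PASS NEW|PASS OLD) |DNSBL rank (\d+) for )\[([0-9A-Fa-f.:]+)\]:\d+")
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9A-Fa-f.:]+)\]")


def classify(log_text):
    """Group postscreen verdicts and smtpd connects by client address."""
    clients = defaultdict(lambda: {"verdicts": [], "smtpd_connects": 0})
    for line in log_text.splitlines():
        m = VERDICT.search(line)
        if m:
            verdict = m.group(1) or "DNSBL rank " + m.group(2)
            clients[m.group(3)]["verdicts"].append(verdict)
            continue
        m = SMTPD.search(line)
        # Skip loopback: the content filter re-injects mail from 127.0.0.1.
        if m and not m.group(1).startswith("127.") and m.group(1) != "::1":
            clients[m.group(1)]["smtpd_connects"] += 1
    for info in clients.values():
        verdicts = info["verdicts"]
        if any(v.startswith("DNSBL rank") for v in verdicts):
            info["finding"] = "dnsbl-threshold-reached"
        elif "PASS NEW" in verdicts:
            info["finding"] = "tested-and-passed"      # DNSBL was asked in this window
        elif "PASS OLD" in verdicts:
            info["finding"] = "cache-hit-only"         # decision predates this window
        else:
            info["finding"] = "no-postscreen-verdict"  # smtpd lines only
        info["cache_hits"] = verdicts.count("PASS OLD")
    return dict(clients)


if __name__ == "__main__":
    for ip, info in sorted(classify(SAMPLE_LOG).items()):
        print(f"{ip:15} {info['finding']:24} cache_hits={info['cache_hits']} "
              f"smtpd_connects={info['smtpd_connects']}")
```

A client reported as cache-hit-only was let through on a stored result, so the DNSBL answer that mattered is the one from the earlier PASS NEW, not the listing status at the time of the later connection.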
 
Hi Stoikov,

Sorry for the late reply. After some further reading, I tried changing postscreen_dnsbl_ttl from the default 1h to 10m.
And I noticed no more spam IPs slip through postscreen. Now I have changed it to 30m and will continue to monitor.

Code:
root@pmg:~# postconf | grep dnsbl_ttl
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_ttl = 30m

Is there a way to change the setting in the PMG GUI instead of modifying /var/lib/pmg/templates/main.cf.in through the CLI?
 
And what are your current "long-term" results decreasing the default from 1h to 30m?
 
Long story short, I ended up not setting postscreen_dnsbl_ttl and use multiple dnsbl sites for extra checking.

postscreen_dnsbl_sites = zen.spamhaus.org,bl.spamcop.net,bl.mailspike.net
postscreen_dnsbl_threshold = 2
 
Hello guys,
I did set the max_ttl to 3m... and it still misses checks.
And I do use multiple RBL checks, let's say about 10 of them.
I really do not understand why this is. It does look like some delay or some whitelist error.
I really do not have much confidence in it. I check it every day and see some missed checks; lucky me, I have clamav working, so it ends up there as a virus...
Does anyone have the same issue?
 
Did you create a custom template for your max_ttl setting in postfix?
Please show your dnsbl config and also the mail log.
 
Hi,
This is an example of a missed-check log...
The bold addr (31.169.70.165) should be blocked by the blacklists: SORBS SPAM + SORBS NEW.
The system seems to miss that check.
As you can see, it is blocked by the virus rule that comes after.

"
Oct 1 09:40:38 smg01 postfix/smtpd[27822]: connect from linux.netuv.com[31.169.70.165]
Oct 1 09:40:40 smg01 postfix/smtpd[27822]: NOQUEUE: client=linux.netuv.com[31.169.70.165]
Oct 1 09:40:41 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: new mail message-id=<2636df99ec4ddfb6d6865edd38dcc4a5@unilever.coupahost.com>#012
Oct 1 09:40:41 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: virus detected: Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL (clamav)
Oct 1 09:40:46 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: SA score=1/5 time=4.445 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),LH_URI_DOM_IN_PATH(0.001),SPF_HELO_NONE(0.001),SPF_SOFTFAIL(0.972),T_REMOTE_IMAGE(0.01)
Oct 1 09:40:46 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: notify <koby@mksoft.co.il> (rule: 00 - OnViruses, 0BC8C60F54)
Oct 1 09:40:46 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: notify <meirkr@mksoft.co.il> (rule: 00 - OnViruses, 0FF5B60F57)
Oct 1 09:40:46 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: moved mail for <meirkr@mksoft.co.il> to virus quarantine - 60F635F7579EE1BE43 (rule: 00 - OnViruses)
Oct 1 09:40:46 smg01 pmg-smtp-filter[24435]: 60DE25F7579E8E2480: processing time: 5.192 seconds (4.445, 0.483, 0)
Oct 1 09:40:46 smg01 postfix/smtpd[27822]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (60DE25F7579E8E2480); from=<do_not_reply@unilever.coupahost.com> to=<meirkr@mksoft.co.il> proto=ESMTP helo=<linux.netuv.com>
Oct 1 09:40:46 smg01 postfix/smtpd[27822]: disconnect from linux.netuv.com[31.169.70.165] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"

As for my custom template , here it is.
"
# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname [% pmg.mail.banner %]
biff = no

[% IF pmg.mail.dwarning %]
delay_warning_time = [% pmg.mail.dwarning %]h
[% END %]

best_mx_transport = local
message_size_limit = [% pmg.mail.maxsize %]
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]

mydomain = [% dns.domain %]
myhostname = [% dns.hostname %].[% dns.domain %]

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
mynetworks = [% postfix.mynetworks %]

relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport

[% IF pmg.mail.relay %]
[% IF pmg.mail.relayprotocol == 'lmtp' %]
relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% ELSE %]
[% IF pmg.mail.relaynomx %]
relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
[% ELSE %]
relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% END %]
[% END %]
[% END %]

[% IF pmg.mail.smarthost %]
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
[% END %]

[% IF ! pmg.mail.before_queue_filtering -%]
content_filter=scan:127.0.0.1:10024
[%- END %]

mail_name = Proxmox

[% IF pmg.mail.helotests %]
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
[% ELSE %]
smtpd_helo_restrictions =
[% END %]

postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access

[% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]


# Begin Added by koby
postscreen_dnsbl_ttl = 3m
postscreen_cache_retention_time = 3m

rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map


# End



postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access cidr:/etc/postfix/clientaccess
        check_sender_access regexp:/etc/postfix/senderaccess
        check_recipient_access regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]

# Begin Add By Koby
#reject_rbl_client = 173e.combined.mail.abusix.zone
#rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map
# End


[% IF pmg.mail.verifyreceivers %]
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
[% END %]

smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]

[% IF pmg.mail.tls %]
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

lmtp_tls_security_level = $smtp_tls_security_level
lmtp_tls_policy_maps = $smtp_tls_policy_maps
lmtp_tls_CAfile = $smtp_tls_CAfile
[% IF pmg.mail.tlslog %]
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
lmtp_tls_loglevel = $smtp_tls_loglevel
[% END %]
[% IF pmg.mail.tlsheader %]
smtpd_tls_received_header = yes
[% END %]
[% END %]

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache

[% IF pmg.mail.hide_received %]
unverified_recipient_reject_reason = Recipient address lookup failed
[% END %]


default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

recipient_delimiter = +

##########################################
# Added By Koby for sending with MailGun #
##########################################

#specify SMTP relay host
relayhost = [smtp.mailgun.org]:587

# enable SASL authentication
smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous

# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

# Enable STARTTLS encryption
#smtp_use_tls = yes
smtp_tls_security_level = encrypt


# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# allow IPv4
inet_protocols = ipv4

"
 
You did not show your dnsbl site. Pls run postconf | grep dnsbl in terminal and show the output
 
Here it is...
"
dnsblog_reply_delay = 0s
dnsblog_service_name = dnsblog
postscreen_dnsbl_action = enforce
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_min_ttl = 60s
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = 7c4c3e.combined.mail.abusix.zone,dnsbl.cobion.com,rbl.realtimeblacklist.com,b.barracudacentral.org,bl.spamcop.net,zen.spamhaus.org,psbl.surriel.com,bl.spamcop.net,dnsbl.sorbs.net,rbl.interserver.net,bl.mailspike.net,truncate.gbudb.net
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_timeout = 10s
postscreen_dnsbl_ttl = 3m
postscreen_dnsbl_whitelist_threshold = 0
"
 
Use postscreen_dnsbl_max_ttl instead of postscreen_dnsbl_ttl as the second one is deprecated: http://www.postfix.org/postconf.5.html
Also according to the value of postscreen_dnsbl_max_ttl I would assume that it always appends 'h', even when $postscreen_dnsbl_ttl is configured.
 
You have set postscreen_dnsbl_threshold = 2, which means 2 or more hits from your listed dnsbl_sites are required to get blocked by SpamAssassin.
So far as I checked, IP 31.169.70.165 only gets listed in dnsbl.sorbs.net; that is the reason why the email gets delivered.
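
To see what the threshold does with a given set of listings, the score can be recomputed on the gateway itself, through its own resolver, rather than read off a public lookup site. This is an added example, not part of the original post or of Postfix: `parse_sites`, `score` and the constructed resolver are hypothetical names, only plain `domain`, `domain*weight` and exact `domain=address` entries are handled, and lookup failures are counted as not listed.

```python
import ipaddress
import socket


def parse_sites(value):
    """Split a postscreen_dnsbl_sites value into (domain, filter, weight)."""
    sites = []
    for item in value.replace(",", " ").split():
        item, _, weight = item.partition("*")
        domain, _, addr_filter = item.partition("=")
        if "[" in addr_filter or ";" in addr_filter:
            raise ValueError(f"pattern filter not handled here: {addr_filter}")
        sites.append((domain, addr_filter or None, int(weight) if weight else 1))
    return sites


def query_name(ip, domain):
    """Reverse the address (octets for IPv4, nibbles for IPv6), append the list domain."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 25.2.0.192.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + domain


def system_resolver(name):
    """A records for name via the host's resolver; [] on any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def score(ip, sites_value, threshold, resolve=system_resolver):
    """Sum the weight of every list that answers and compare with the threshold."""
    total, hits = 0, []
    for domain, addr_filter, weight in parse_sites(sites_value):
        answers = resolve(query_name(ip, domain))
        if answers and (addr_filter is None or addr_filter in answers):
            total += weight
            hits.append(domain)
    return {"score": total, "hits": hits, "blocked": total >= threshold}


# Constructed answers for a documentation address: listed on one list only.
CONSTRUCTED_LISTINGS = {"25.2.0.192.bl.spamcop.net": ["127.0.0.2"]}


def constructed_resolver(name):
    return CONSTRUCTED_LISTINGS.get(name, [])


if __name__ == "__main__":
    sites = "zen.spamhaus.org,bl.spamcop.net,bl.mailspike.net"
    for threshold in (1, 2):
        print(threshold, score("192.0.2.25", sites, threshold, constructed_resolver))
```

Calling `score(ip, sites, threshold)` without the last argument sends the queries through the host's configured resolver.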
 
Hi guys,
I did set the
postscreen_dnsbl_max_ttl = 3m

But the system still misses checks, much less but still.

Here is a missed-check log:
Code:
Oct 4 03:36:03 smg01 postfix/smtpd[31553]: connect from unknown[66.206.0.122]
Oct 4 03:36:06 smg01 postfix/smtpd[31553]: NOQUEUE: client=unknown[66.206.0.122]
Oct 4 03:36:06 smg01 pmg-smtp-filter[25131]: 610A85F7918F6E3965: new mail message-id=<b356b5966c412be7cc8feb6b576982c2@jabalierty.net>#012
Oct 4 03:36:10 smg01 pmg-smtp-filter[25131]: 610A85F7918F6E3965: SA score=11/5 time=3.426 bayes=undefined autolearn=no autolearn_force=no hits=CK_HELO_DYNAMIC_SPLIT_IP(0.533),HELO_MISC_IP(0.084),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_LAZY_DOMAIN_SECURITY(1),MPART_ALT_DIFF(0.724),RDNS_NONE(1.274),SPF_HELO_NONE(0.001),SPF_NONE(0.001),TVD_RCVD_IP(0.001),T_KAM_HTML_FONT_INVALID(0.01),T_REMOTE_IMAGE(0.01),UNWANTED_LANGUAGE_BODY(2.8),URIBL_BLOCKED(5)
Oct 4 03:36:10 smg01 pmg-smtp-filter[25131]: 610A85F7918F6E3965: moved mail for <***@mksoft.co.il> to spam quarantine - 610F65F7918FA6DB34 (rule: 00 - Block Spam (Level 8))
Oct 4 03:36:10 smg01 pmg-smtp-filter[25131]: 610A85F7918F6E3965: processing time: 3.52 seconds (3.426, 0.075, 0)
Oct 4 03:36:10 smg01 postfix/smtpd[31553]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (610A85F7918F6E3965); from=<support@jabalierty.net> to=<***@mksoft.co.il> proto=ESMTP helo=<66-206-0-122.cprapid.com>
Oct 4 03:36:10 smg01 postfix/smtpd[31553]: disconnect from unknown[66.206.0.122] ehlo=1 mail=1 rcpt=1



Here are my settings:

Code:
root@smg01:~# postconf | grep ttl
address_verify_sender_ttl = 0s
connection_cache_ttl_limit = 2s
dns_ncache_ttl_fix_enable = no
ipc_ttl = 1000s
lmtp_starttls_timeout = 300s
lmtp_tls_note_starttls_offer = no
postscreen_bare_newline_ttl = 30d
postscreen_dnsbl_max_ttl = 3m
postscreen_dnsbl_min_ttl = 60s
postscreen_greet_ttl = 1d
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_ttl = 30d
service_throttle_time = 60s
smtp_starttls_timeout = 300s
smtp_tls_note_starttls_offer = no
smtpd_policy_service_max_ttl = 1000s
smtpd_starttls_timeout = ${stress?{10}:{300}}s

Can someone advise, please?

Best regards,
Koby Peleg Hen
 
Set postscreen_dnsbl_threshold = 1 and monitor again.

I did set this on purpose because I like to be sure about the blacklist, meaning ==> at least 2 blacklists for blocking.
This is not our problem; if you check the above IP against mxtoolbox you will see that this IP is listed on more than one.
 
