postscreen randomly ignores blacklisted IP

show output of less /var/log/mail.log | grep combined.mail.abusix.zone
 

Code:
Oct  4 00:06:16 smg01 postfix/dnsblog[30244]: addr 94.102.56.238 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.4
Oct  4 00:06:16 smg01 postfix/dnsblog[30244]: addr 94.102.56.238 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 01:08:39 smg01 postfix/dnsblog[30607]: addr 180.127.108.224 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.4
Oct  4 01:08:39 smg01 postfix/dnsblog[30607]: addr 180.127.108.224 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 01:08:39 smg01 postfix/dnsblog[30607]: addr 180.127.108.224 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 03:58:33 smg01 postfix/dnsblog[31670]: addr 95.181.155.38 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 03:58:33 smg01 postfix/dnsblog[31670]: addr 95.181.155.38 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 05:13:36 smg01 postfix/dnsblog[32187]: addr 162.243.61.162 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 05:13:36 smg01 postfix/dnsblog[32187]: addr 162.243.61.162 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 05:53:07 smg01 postfix/dnsblog[338]: addr 37.49.225.199 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 05:53:07 smg01 postfix/dnsblog[338]: addr 37.49.225.199 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.4
Oct  4 05:53:07 smg01 postfix/dnsblog[338]: addr 37.49.225.199 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 05:53:07 smg01 postfix/dnsblog[338]: addr 37.49.225.199 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 07:25:30 smg01 postfix/dnsblog[1131]: addr 114.237.109.37 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 07:25:30 smg01 postfix/dnsblog[1131]: addr 114.237.109.37 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.4
Oct  4 07:25:30 smg01 postfix/dnsblog[1131]: addr 114.237.109.37 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 08:42:27 smg01 postfix/dnsblog[5629]: addr 89.33.192.71 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 08:42:27 smg01 postfix/dnsblog[5629]: addr 89.33.192.71 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 10:28:46 smg01 postfix/dnsblog[14856]: addr 84.94.225.136 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 10:51:39 smg01 postfix/dnsblog[15633]: addr 194.90.76.225 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 11:35:11 smg01 postfix/dnsblog[15974]: addr 83.97.20.31 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.11
Oct  4 12:51:32 smg01 postfix/dnsblog[16939]: addr 118.27.33.96 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 12:51:32 smg01 postfix/dnsblog[16939]: addr 118.27.33.96 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 12:53:56 smg01 postfix/dnsblog[16977]: addr 212.29.237.111 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
 
Please show the output of grep 66.206.0.122 /var/log/mail.log

Here you go...

Code:
root@smg01:/var/log# grep 66.206.0.122 /var/log/mail.log
Oct  4 03:35:57 smg01 postfix/postscreen[31540]: CONNECT from [66.206.0.122]:41926 to [207.154.215.33]:25
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.3
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.12
Oct  4 03:35:57 smg01 postfix/dnsblog[31546]: addr 66.206.0.122 listed by domain 69e6d1a2cee5f01150efd8e0b17c4c3e.combined.mail.abusix.zone as 127.0.0.2
Oct  4 03:36:03 smg01 postfix/postscreen[31540]: PASS NEW [66.206.0.122]:41926
Oct  4 03:36:03 smg01 postfix/smtpd[31553]: connect from unknown[66.206.0.122]
Oct  4 03:36:06 smg01 postfix/smtpd[31553]: NOQUEUE: client=unknown[66.206.0.122]
Oct  4 03:36:10 smg01 postfix/smtpd[31553]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (610A85F7918F6E3965); from=<support@jabalierty.net> to=<meir@mksoft.co.il> proto=ESMTP helo=<66-206-0-122.cprapid.com>
Oct  4 03:36:10 smg01 postfix/smtpd[31553]: disconnect from unknown[66.206.0.122] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct  4 03:39:30 smg01 postfix/anvil[31555]: statistics: max connection rate 1/60s for (smtpd:66.206.0.122) at Oct  4 03:36:03
Oct  4 03:39:30 smg01 postfix/anvil[31555]: statistics: max connection count 1 for (smtpd:66.206.0.122) at Oct  4 03:36:03
 
Can your PMG ping 122.0.206.66.dnsbl.sorbs.net?

Here it is ...
Code:
root@smg01:/var/log# ping 122.0.206.66.dnsbl.sorbs.net
PING 122.0.206.66.dnsbl.sorbs.net (127.0.0.6) 56(84) bytes of data.
64 bytes from 127.0.0.6 (127.0.0.6): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from 127.0.0.6 (127.0.0.6): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 127.0.0.6 (127.0.0.6): icmp_seq=3 ttl=64 time=0.034 ms
^C
--- 122.0.206.66.dnsbl.sorbs.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 32ms
rtt min/avg/max/mdev = 0.022/0.032/0.040/0.007 ms
root@smg01:/var/log#
 
Show output of grep dnsbl.sorbs.net /var/log/mail.log
Code:
root@smg01:/var/log# grep dnsbl.sorbs.net /var/log/mail.log
Oct  4 03:58:36 smg01 postfix/dnsblog[31674]: addr 95.181.155.38 listed by domain dnsbl.sorbs.net as 127.0.0.6
Oct  4 05:13:38 smg01 postfix/dnsblog[32188]: addr 162.243.61.162 listed by domain dnsbl.sorbs.net as 127.0.0.6
Oct  4 07:25:30 smg01 postfix/dnsblog[1135]: addr 114.237.109.37 listed by domain dnsbl.sorbs.net as 127.0.0.7
Oct  4 08:08:00 smg01 postfix/dnsblog[3387]: addr 209.85.219.178 listed by domain dnsbl.sorbs.net as 127.0.0.6
Oct  4 12:19:42 smg01 postfix/dnsblog[16558]: addr 54.240.52.186 listed by domain dnsbl.sorbs.net as 127.0.0.6
Oct  4 12:44:44 smg01 postfix/postscreen[16887]: warning: dnsblog reply timeout 10s for dnsbl.sorbs.net
Oct  4 12:51:32 smg01 postfix/dnsblog[16959]: addr 118.27.33.96 listed by domain dnsbl.sorbs.net as 127.0.0.6
 
Oct 4 12:44:44 smg01 postfix/postscreen[16887]: warning: dnsblog reply timeout 10s for dnsbl.sorbs.net

I suspect this is the problem. Your PMG is having a timeout when querying dnsbl.sorbs.net. Does it happen frequently? Are you using Google DNS for DNS resolution?
 
No, I do not see it very often. The VM is a DigitalOcean VM, no Google DNS.

My DNS is:
nameserver 67.207.67.3

I think that I will do a close follow up on this and update accordingly.
Thanks for your help.
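
An added example (not part of the thread, and not Proxmox or Postfix code): a small Python audit that reads mail.log lines in the format shown above and reports clients that dnsblog logged as listed but postscreen still logged as PASS, plus a count of dnsblog reply timeouts per zone. The sample log lines are constructed, using documentation addresses and a placeholder KEY in the zone name.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mail.log excerpts in this thread
# (documentation addresses and a placeholder KEY, not real log data).
SAMPLE_LOG = """\
Oct  4 03:35:57 mx postfix/postscreen[100]: CONNECT from [192.0.2.10]:41926 to [198.51.100.1]:25
Oct  4 03:35:57 mx postfix/dnsblog[101]: addr 192.0.2.10 listed by domain KEY.combined.mail.abusix.zone as 127.0.0.3
Oct  4 03:35:57 mx postfix/dnsblog[101]: addr 192.0.2.10 listed by domain KEY.combined.mail.abusix.zone as 127.0.0.2
Oct  4 03:36:03 mx postfix/postscreen[100]: PASS NEW [192.0.2.10]:41926
Oct  4 12:44:44 mx postfix/postscreen[100]: warning: dnsblog reply timeout 10s for dnsbl.sorbs.net
Oct  4 12:51:32 mx postfix/postscreen[100]: CONNECT from [203.0.113.7]:50000 to [198.51.100.1]:25
Oct  4 12:51:38 mx postfix/postscreen[100]: PASS NEW [203.0.113.7]:50000
"""

CONNECT = re.compile(r"postfix/postscreen\[\d+\]: CONNECT from \[([^\]]+)\]:\d+")
LISTED = re.compile(r"postfix/dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (\S+)")
PASSED = re.compile(r"postfix/postscreen\[\d+\]: PASS (?:NEW|OLD) \[([^\]]+)\]:\d+")
TIMEOUT = re.compile(r"postfix/postscreen\[\d+\]: warning: dnsblog reply timeout \d+s for (\S+)")


def audit(log_text):
    """Return (listed_but_passed, timeouts) for one mail.log excerpt."""
    hits = defaultdict(lambda: defaultdict(set))  # ip -> zone -> reply codes
    listed_but_passed = {}
    timeouts = defaultdict(int)
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            hits.pop(m.group(1), None)  # new session: drop listings from older ones
        elif m := LISTED.search(line):
            ip, zone, code = m.groups()
            hits[ip][zone].add(code)
        elif m := PASSED.search(line):
            ip = m.group(1)
            if ip in hits:  # listed during this session, yet passed
                listed_but_passed[ip] = {z: sorted(c) for z, c in hits[ip].items()}
        elif m := TIMEOUT.search(line):
            timeouts[m.group(1)] += 1
    return listed_but_passed, dict(timeouts)


if __name__ == "__main__":
    passed, timed_out = audit(SAMPLE_LOG)
    for ip, zones in passed.items():
        print("listed but passed:", ip, zones)
    for zone, count in timed_out.items():
        print("dnsblog timeouts:", zone, count)
```

A client reported here is worth comparing against the weights in postscreen_dnsbl_sites and the postscreen_dnsbl_threshold value of the running configuration, and against any timeouts counted for the zones involved.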
 
