Hello, I am trying to understand the different ways mail are blocked using the DNSBL. Below is a sample from my syslog.
Feb 5 07:32:12 proxmox.mydomain postfix/postscreen[2603061]: CONNECT from [103.49.239.140]:35162 to [xx.xx.xx.xx]:25
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2605071]: addr 103.49.239.140 listed by domain zen.spamhaus.org as 127.0.0.3
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2605071]: addr 103.49.239.140 listed by domain zen.spamhaus.org as 127.0.0.2
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2603143]: addr 103.49.239.140 listed by domain bl.mailspike.net as 127.0.0.11
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: DNSBL rank 2 for [103.49.239.140]:35162
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: NOQUEUE: reject: RCPT from [103.49.239.140]:35162: 550 5.7.1 Service unavailable; client [103.49.239.140] blocked using zen.spamhaus.org; from=<>, to=<user@mydomain>, proto=ESMTP, helo=<vsxu.com>
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: DISCONNECT [103.49.239.140]:35162
Here the address 103.49.239.140 is listed by domain zen.spamhaus.org and it is then listed as NOQUEUE: reject.
My questions:
#1 Why are these different?
#2 Only the NOQUEUE: reject lines are listed in the tracking center. Why is that? These show up as rejected.
#3 Is there a difference in the mail being blocked that has an empty from or posing a user from my domain? Those mails also get blocked by DNSBL.
For further context, one mail was blocked with the same from and to address (example: from kransom@mydomain.com to kransom@mydomain helo=<mydomain.com>)
#4 I had to removed bl.spamcop.net from being one of our DNSBL as it kept causing false positives and blocking mail. Are there any configurations that can be done to help with this? I believe it is a mail server side issue with the respective server being flagged for spam, but just checking anyway.
Feb 5 07:32:12 proxmox.mydomain postfix/postscreen[2603061]: CONNECT from [103.49.239.140]:35162 to [xx.xx.xx.xx]:25
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2605071]: addr 103.49.239.140 listed by domain zen.spamhaus.org as 127.0.0.3
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2605071]: addr 103.49.239.140 listed by domain zen.spamhaus.org as 127.0.0.2
Feb 5 07:32:12 proxmox.mydomain postfix/dnsblog[2603143]: addr 103.49.239.140 listed by domain bl.mailspike.net as 127.0.0.11
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: DNSBL rank 2 for [103.49.239.140]:35162
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: NOQUEUE: reject: RCPT from [103.49.239.140]:35162: 550 5.7.1 Service unavailable; client [103.49.239.140] blocked using zen.spamhaus.org; from=<>, to=<user@mydomain>, proto=ESMTP, helo=<vsxu.com>
Feb 5 07:32:18 proxmox.mydomain postfix/postscreen[2603061]: DISCONNECT [103.49.239.140]:35162
Here the address 103.49.239.140 is listed by domain zen.spamhaus.org and it is then listed as NOQUEUE: reject.
My questions:
#1 Why are these different?
#2 Only the NOQUEUE: reject lines are listed in the tracking center. Why is that? These show up as rejected.
#3 Is there a difference in the mail being blocked that has an empty from or posing a user from my domain? Those mails also get blocked by DNSBL.
For further context, one mail was blocked with the same from and to address (example: from kransom@mydomain.com to kransom@mydomain helo=<mydomain.com>)
#4 I had to removed bl.spamcop.net from being one of our DNSBL as it kept causing false positives and blocking mail. Are there any configurations that can be done to help with this? I believe it is a mail server side issue with the respective server being flagged for spam, but just checking anyway.
Last edited:
