Am I missing something? You can see from the log below that "addr 13.111.113.167 listed by domain list.dnswl.org as 127.0.15.0" but then it still lets the offending IP connect and attempt to get mail through.
In other cases, postscreen would disconnect the offending IP, but apparently doesn't in the DNSBL case? Is this intended functionality?
version: Zimbra 8.8.8_GA_2009 (build 20180322150747)
Log entries:
Jun 5 06:30:49 mail postfix/postscreen[23016]: CONNECT from [13.111.113.167]:44011 to [[local ip of mail server]]:25
Jun 5 06:30:49 mail postfix/dnsblog[23019]: addr 13.111.113.167 listed by domain list.dnswl.org as 127.0.15.0
Jun 5 06:30:55 mail postfix/postscreen[23016]: PASS NEW [13.111.113.167]:44011
Jun 5 06:30:55 mail postfix/smtpd[23136]: connect from mta2.mailerweb.trainingdoyens.com[13.111.113.167]
Jun 5 06:30:57 mail postfix/smtpd[23136]: Anonymous TLS connection established from mta2.mailerweb.trainingdoyens.com[13.111.113.167]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 5 06:30:59 mail postfix/smtpd[23136]: NOQUEUE: filter: RCPT from mta2.mailerweb.trainingdoyens.com[13.111.113.167]: <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> to=<[redactedforzimbraforums]> proto=ESMTP helo=<mta2.mailerweb.trainingdoyens.com>
Jun 5 06:30:59 mail postfix/smtpd[23136]: NOQUEUE: filter: RCPT from mta2.mailerweb.trainingdoyens.com[13.111.113.167]: <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> to=<[redactedforzimbraforums]> proto=ESMTP helo=<mta2.mailerweb.trainingdoyens.com>
Jun 5 06:30:59 mail postfix/smtpd[23136]: B91AD1741755: client=mta2.mailerweb.trainingdoyens.com[13.111.113.167]
Jun 5 06:30:59 mail postfix/cleanup[23394]: B91AD1741755: message-id=<5079f3d0-6564-4d89-8e51-da19751058e2@dfw1s10mta699.xt.local>
Jun 5 06:30:59 mail postfix/qmgr[5180]: B91AD1741755: from=<bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com>, size=19942, nrcpt=1 (queue active)
Jun 5 06:30:59 mail amavis[10352]: (10352-06) ESMTP [127.0.0.1]:10024 /opt/zimbra/data/amavisd/tmp/amavis-20190605T010104-10352-ahbnT8xq: <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> -> <[redactedforzimbraforums]> SIZE=19942 BODY=8BITMIME Received: from mail.redactedforzimbraforums.com ([127.0.0.1]) by localhost (mail.redactedforzimbraforums.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[redactedforzimbraforums]>; Wed, 5 Jun 2019 06:30:59 -0600 (MDT)
Jun 5 06:30:59 mail postfix/smtpd[23136]: disconnect from mta2.mailerweb.trainingdoyens.com[13.111.113.167] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jun 5 06:30:59 mail amavis[10352]: (10352-06) dkim: VALID Author+Sender signature by d=invitationweb.trainingdoyens.com, From: <matthew@invitationweb.trainingdoyens.com>, a=rsa-sha256, c=relaxed/relaxed, s=10dkim1, i=matthew@invitationweb.trainingdoyens.com, m.list(ml:100025235.xt.local)
Jun 5 06:30:59 mail amavis[10352]: (10352-06) Checking: mzBusUE2Ygit [13.111.113.167] <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> -> <[redactedforzimbraforums]>
Jun 5 06:30:59 mail amavis[10352]: (10352-06) p003 1 Content-Type: multipart/alternative
Jun 5 06:30:59 mail amavis[10352]: (10352-06) p001 1/1 Content-Type: text/plain, size: 2629 B, name:
Jun 5 06:30:59 mail amavis[10352]: (10352-06) p002 1/2 Content-Type: text/html, size: 14887 B, name:
Jun 5 06:31:00 mail amavis[10352]: (10352-06) _WARN: Negative repeat count does nothing at /opt/zimbra/common/sbin/amavisd line 16413.
Jun 5 06:31:00 mail amavis[10352]: (10352-06) spam-tag, <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> -> <[redactedforzimbraforums]>, No, score=-1.117 required=0.6 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, STYLE_GIBBERISH=0.881, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Jun 5 06:31:00 mail postfix/amavisd/smtpd[23399]: connect from localhost.localdomain[127.0.0.1]
Jun 5 06:31:00 mail postfix/amavisd/smtpd[23399]: 64EC91741947: client=localhost.localdomain[127.0.0.1]
Jun 5 06:31:00 mail postfix/cleanup[23394]: 64EC91741947: message-id=<5079f3d0-6564-4d89-8e51-da19751058e2@dfw1s10mta699.xt.local>
Jun 5 06:31:00 mail postfix/amavisd/smtpd[23399]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 5 06:31:00 mail postfix/qmgr[5180]: 64EC91741947: from=<bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com>, size=20876, nrcpt=1 (queue active)
Jun 5 06:31:00 mail amavis[10352]: (10352-06) mzBusUE2Ygit FWD from <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> -> <[redactedforzimbraforums]>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 64EC91741947
Jun 5 06:31:00 mail amavis[10352]: (10352-06) Passed CLEAN {RelayedInbound}, [13.111.113.167]:44011 [13.111.113.167] <bounce-1311_HTML-57147456-88739-100025235-23@bounce.mailerweb.trainingdoyens.com> -> <[redactedforzimbraforums]>, Queue-ID: B91AD1741755, Message-ID: <5079f3d0-6564-4d89-8e51-da19751058e2@dfw1s10mta699.xt.local>, mail_id: mzBusUE2Ygit, Hits: -1.117, size: 19909, queued_as: 64EC91741947, dkim_sd=10dkim1:invitationweb.trainingdoyens.com, 545 ms
Jun 5 06:31:00 mail amavis[10352]: (10352-06) TIMING-SA [total 348 ms, cpu 320 ms] - parse: 1.42 (0.4%), extract_message_metadata: 27 (7.7%), get_uri_detail_list: 4.1 (1.2%), tests_pri_-1000: 6 (1.7%), tests_pri_-950: 0.97 (0.3%), tests_pri_-900: 0.97 (0.3%), tests_pri_-90: 21 (6.1%), check_bayes: 20 (5.7%), b_tokenize: 9 (2.7%), b_tok_get_all: 5 (1.5%), b_comp_prob: 3.5 (1.0%), b_tok_touch_all: 0.06 (0.0%), b_finish: 0.39 (0.1%), tests_pri_0: 275 (79.0%), check_spf: 49 (14.1%), poll_dns_idle: 27 (7.8%), tests_pri_10: 1.01 (0.3%), tests_pri_20: 0.81 (0.2%), tests_pri_30: 1.02 (0.3%), check_pyzor: 0.11 (0.0%), tests_pri_500: 2.6 (0.8%), get_report: 0.45 (0.1%)
Jun 5 06:31:00 mail postfix/smtp[23395]: B91AD1741755: to=<[redactedforzimbraforums]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.57/0.01/0/0.54, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 64EC91741947)
Jun 5 06:31:00 mail postfix/qmgr[5180]: B91AD1741755: removed
zimbraMtaPostscreenDnsblAction drop
zimbraMtaPostscreenDnsblTTL 5m
zimbraMtaPostscreenDnsblThreshold 8
zimbraMtaPostscreenDnsblTimeout 10s
zimbraMtaPostscreenDnsblWhitelistThreshold 0
zimbraMtaPostscreenDnsblSites 'b.barracudacentral.org=127.0.0.2*7'
zimbraMtaPostscreenDnsblSites 'dnsbl.inps.de=127.0.0.2*7'
zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.[10;11]*8'
zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.[4..7]*6'
zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.3*4'
zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.2*3'
zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].0*-2'
zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].1*-3'
zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].2*-4'
zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].3*-5'
zimbraMtaPostscreenDnsblSites 'bl.mailspike.net=127.0.0.2*5'
zimbraMtaPostscreenDnsblSites 'bl.mailspike.net=127.0.0.[10;11;12]*4'
zimbraMtaPostscreenDnsblSites 'wl.mailspike.net=127.0.0.[18;19;20]*-2'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.10*8'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.5*6'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.7*3'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.8*2'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.6*2'
zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.9*2'
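
Added example (not part of the original post, and not Zimbra or Postfix code): a simplified model of how weighted `domain=filter*weight` entries like the ones above combine into a score that is compared with the threshold, run against the dnsblog reply from the log. It assumes each matching entry contributes its weight once per client and uses only a subset of the posted entries; `parse_site`, `score` and `verdict` are hypothetical helper names.

```python
import re

# Subset of the zimbraMtaPostscreenDnsblSites values posted above,
# in the form domain=reply-filter*weight.
SITES = """\
b.barracudacentral.org=127.0.0.2*7
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
list.dnswl.org=127.0.[0..255].0*-2
list.dnswl.org=127.0.[0..255].1*-3
list.dnswl.org=127.0.[0..255].2*-4
list.dnswl.org=127.0.[0..255].3*-5
bl.mailspike.net=127.0.0.2*5
""".split()
THRESHOLD = 8  # zimbraMtaPostscreenDnsblThreshold from the post

def parse_site(entry):
    """Split 'domain=filter*weight' into (domain, allowed values per octet, weight)."""
    domain, rest = entry.split("=", 1)
    pattern, weight = rest.rsplit("*", 1)
    octets = []
    for field in re.findall(r"\[[^\]]*\]|\d+", pattern):
        allowed = set()
        for part in field.strip("[]").split(";"):   # [10;11] is a list of values
            lo, _, hi = part.partition("..")         # [4..7] is an inclusive range
            allowed.update(range(int(lo), int(hi or lo) + 1))
        octets.append(allowed)
    return domain, octets, int(weight)

def score(replies):
    """replies maps a DNSBL domain to the address it returned for the client."""
    total, matched = 0, []
    for entry in SITES:
        domain, octets, weight = parse_site(entry)
        if domain not in replies:
            continue
        parts = [int(p) for p in replies[domain].split(".")]
        if len(parts) == 4 and all(p in ok for p, ok in zip(parts, octets)):
            total += weight          # assumption: one contribution per matching entry
            matched.append(entry)
    return total, matched

def verdict(replies):
    """'drop' when the combined score reaches the threshold, otherwise 'pass'."""
    return "drop" if score(replies)[0] >= THRESHOLD else "pass"

# Reply taken from the dnsblog line in the log above.
print(score({"list.dnswl.org": "127.0.15.0"}), verdict({"list.dnswl.org": "127.0.15.0"}))
```

With the logged reply, only the `list.dnswl.org=127.0.[0..255].0*-2` entry matches, so the combined score is -2 against a threshold of 8.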