'What am I missing? DNSBL on submission port?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    What am I missing?  DNSBL on submission port?
From:       Andrew Sullivan <ajs () anvilwalrusden ! com>
Date:       2019-10-31 23:52:11
Message-ID: 20191031235211.zcdmj2csairofh2a () mx4 ! yitter ! info
[Download RAW message or body]

Hi,

I _know_ I am overlooking something, and I need a clue-bat.  

I use postscreen on the SMTP (25) port and smptd on the submission
port; the latter requires authentication via dovecot.  This usually
works except every now and then when sending mail, almost always from
hotel networks (where I spend a lot of time), I get one of these:

Oct 31 23:31:56 mx4 postfix/smtpd[2575]: connect from unknown[66.171.166.114]
Oct 31 23:31:56 mx4 postfix/smtpd[2575]: Anonymous TLS connection established from \
unknown[66.171.166.114]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 \
                bits)
Oct 31 23:31:56 mx4 postfix/smtpd[2575]: NOQUEUE: reject: RCPT from \
unknown[66.171.166.114]: 554 5.7.1 Service unavailable; Client host [66.171.166.114] \
blocked using sbl.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; \
                from=<ajs@anvilwalrusden.com> to=<REDACTED> proto=ESMTP \
                helo=<anvilwalrusden.com>
Oct 31 23:31:56 mx4 postfix/smtpd[2575]: lost connection after RCPT from \
                unknown[66.171.166.114]
Oct 31 23:31:56 mx4 postfix/smtpd[2575]: disconnect from unknown[66.171.166.114] \
ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6

It seems to me that I have somehow managed to put the DNSBL filters on
my submission port, which seems (1) obviously wrong and (2)
mystifying.  So I'm wondering whether anyone has a hint on what I
should start looking at so that I can fix this.  It's clear to me that
I didn't know what I was doing when I set this up or this wouldn't
have happened; but I'm really, really sure that I am unable to read
all the parts of the documentation now (like this week) to understand
what I did wrong without a clue about where to start digging.  Hence
the plea.

This isn't totally urgent, because my solution is more or less always
to hook up to my phone, which pretty reliably doesn't have this
problem.  But it annoys me that I've messed it up.

Thanks for your help,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic