From: Ralf Hildebrandt on
This is postfix-2.8-20100610

From my log:

mail:~# fgrep 79.15.172.144 /var/log/mail.log
Jun 15 18:15:06 mail postfix/dnsblog[12235]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:15:10 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144

So it seems to be listed!

Jun 15 18:15:10 mail postfix/smtpd[4613]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:15:15 mail postgrey[2007]: action=greylist, reason=new, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=backsaw(a)oshima-k.ac.jp, recipient=recipient(a)charite.de

HUH? it was allowed to connect???

Jun 15 18:15:18 mail postfix/smtpd[4613]: NOQUEUE: reject: RCPT from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]: 450 4.2.0 <host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]>: Client host rejected: Temporary error - please try again at a later time!; from=<backsaw(a)oshima-k.ac.jp> to=<recipient(a)charite.de> proto=SMTP helo=<owjhd.telecomitalia.it>

it was greylisted

Jun 15 18:15:19 mail postfix/smtpd[4613]: disconnect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]

disconnect

Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144

again, blacklisted, 15 minutes later.

Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]

Yet it was allowed to pass?

Jun 15 18:30:25 mail postgrey[2007]: whitelisted: host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:30:25 mail postgrey[2007]: action=pass, reason=triplet found, delay=910, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=backsaw(a)oshima-k.ac.jp, recipient=recipient(a)charite.de
Jun 15 18:30:25 mail postfix/smtpd[12815]: NOQUEUE: client=host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
Jun 15 18:30:25 mail amavis[15181]: (15181-19) Checking: tP7FwLCrnqi7 [79.15.172.144] <backsaw(a)oshima-k.ac.jp> -> <recipient(a)charite.de>

# postconf -n |grep screen
postscreen_blacklist_action = drop
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net
postscreen_greet_action = drop
postscreen_whitelist_networks = 141.42.193.0/24, 141.42.202.0/24,
141.42.203.0/24, 141.42.204.0/24, 141.42.206.0/23, 141.42.250.0/24,
193.175.72.0/24, 193.175.74.0/24

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Ralf Hildebrandt on
* Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de>:

> Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
> Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144
>
> again, blacklisted, 15 minutes later.
>
> Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]
> Yet it was allowed to pass?

I used mykey.zen.dq.spamhaus.net with reject_rbl_client, and now I have
the ultimate proof:

% tail -f /var/log/mail.log|grep zen

Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.10
Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
Jun 15 19:00:37 mail-ausfall postfix/smtpd[21734]: NOQUEUE: reject: RCPT from va-67-233-124-39.dhcp.embarqhsd.net[67.233.124.39]: 554 5.7.1 Service unavailable; Client host [67.233.124.39] blocked using mykey.zen.dq.spamhaus.net; http://www.spamhaus.org/query/bl?ip=67.233.124.39 -- Contact postmaster(a)charite.de for whitelisting; from=<sender(a)aberystwyth-online.co.uk> to=<recipient(a)charite.de> proto=SMTP helo=<aberystwyth-online.co.uk>



From: Ralf Hildebrandt on
* Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de>:

I think it was due to me using:

postscreen_blacklist_action = drop
and no postscreen_dnsbl_action at all.

Once I set
postscreen_dnsbl_action = drop
it seems to work as intended.

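A log check for the symptom discussed in this thread, as an added example (not code from the thread or from Postfix): it flags clients that postscreen scored with a DNSBL rank and that were still handed to smtpd shortly afterwards, which is what the logs look like when the DNSBL result is recorded but not enforced. The sample lines, the documentation addresses, the `dnsbl.example` domain, the 60-second window and the year used for timestamp parsing are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log excerpts above
# (documentation addresses and a placeholder DNSBL domain).
SAMPLE_LOG = """\
Jun 15 18:15:06 mail postfix/dnsblog[100]: addr 192.0.2.10 blocked by domain dnsbl.example as 127.0.0.4
Jun 15 18:15:10 mail postfix/postscreen[200]: DNSBL rank 1 for 192.0.2.10
Jun 15 18:15:10 mail postfix/smtpd[300]: connect from host10.example.net[192.0.2.10]
Jun 15 18:20:00 mail postfix/postscreen[200]: DNSBL rank 2 for 198.51.100.7
Jun 15 18:21:00 mail postfix/smtpd[301]: connect from mx.example.org[203.0.113.5]
Jun 15 19:40:00 mail postfix/smtpd[302]: connect from late.example.net[198.51.100.7]
"""

STAMP = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/"
RANK = re.compile(STAMP + r"postscreen\[\d+\]: DNSBL rank (?P<rank>\d+) for (?P<ip>\S+)$")
CONNECT = re.compile(STAMP + r"smtpd\[\d+\]: connect from \S+\[(?P<ip>[^\]]+)\]$")

def parse_ts(text, year=2010):
    # Syslog timestamps carry no year; the year is an assumption and only
    # time differences within one log are used.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def listed_but_passed(log_text, window=timedelta(seconds=60)):
    """Return (ip, rank, seconds) for each smtpd connect that follows a
    postscreen DNSBL hit for the same client within `window`."""
    hits = {}       # ip -> (time of latest DNSBL hit, rank)
    findings = []
    for line in log_text.splitlines():
        m = RANK.match(line)
        if m:
            hits[m["ip"]] = (parse_ts(m["ts"]), int(m["rank"]))
            continue
        m = CONNECT.match(line)
        if m and m["ip"] in hits:
            hit_time, rank = hits[m["ip"]]
            delay = parse_ts(m["ts"]) - hit_time
            if timedelta(0) <= delay <= window:
                findings.append((m["ip"], rank, int(delay.total_seconds())))
    return findings

if __name__ == "__main__":
    for ip, rank, delay in listed_but_passed(SAMPLE_LOG):
        print(f"{ip}: DNSBL rank {rank}, handed to smtpd {delay}s later")
```

Any finding from a real log is a prompt to check `postconf -n` for the DNSBL action setting, as the last message in the thread does.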