On Sun, Apr 13, 2025 at 10:19:29PM -0400, Greg Klanderman via Postfix-users wrote:
> > This has little to do with hash tables, but as documented in > > https://www.postfix.org/postconf.5.html#postscreen_access_list the only > > supported lookup key is the full IP address, table lookups happen prior > > to any DNS resolution. > > And anyway seems like a premature optimization. No, all of postscreen is an optimisation, and specifically designed to drop known bad connections *quickly* in a single process, while handling hundreds to thousands of connections. In order to make sure that new good connections are still able to get through, it is important that postscreen(8) not get saturated with too many concurrent bad connections, therefore, latency is minimised, with any inconclusive clients that leak through handed off to smtpd(8). > > If you know the associated CIDR blocks, you can use a CIDR table. > > Just a lot more work when I could easily match against the hostname. You can do that in smtpd(8). > >> Is the only option to turn off smtpd_delay_reject and use > >> smtpd_client_restrictions? > > > That's an option, or just accept the fact that rejects will happen > > at RCPT TO, and you'll get better logging of the client HELO, sender > > and recipient address for any rejected messages. > > I was hoping to get all this garbage out of my postfix (proper) logs, > but I can spend a bit more time on log postprocessing I suppose. FWIW, don't worry about extra logging, it may at times be useful. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
