Fred Morris via Postfix-users:
> https://www.postfix.org/SMTPD_ACCESS_README.html#timing
>
> In particular this:
>
> "Some SMTP clients do not expect a negative reply early in the SMTP
> session. When the bad news is postponed until the RCPT TO reply, the
> client goes away as it is supposed to, instead of hanging around
> until a timeout happens, or worse, going into an endless
> connect-reject-connect loop."
That was 25 years ago.
A more contemporary reason for delaying 'reject' until RCPT TO, is
that the logging provides better information about what email is
being rejected. The postscreen daemon follows this approach, too.
Let's say that one wants to reject based on HELO. With
smtpd_delay_reject=no, one would have no idea about the envelope
sender and recipient.
The 'price' paid for this is a few more TCP more roundtrips (depending
on SMTP command pipelining), a bit more logging (which compresses
well), and people like you complaining :-)
> I want to make cypex.ai go away.
What about:
grep -v cypex.ai /var/log/maillog
Your time spent in agony is worth more than the disk space.
> HTTP probes....
Another idea: use a logfile watcher and block the IP address
with a temporary TCP rule.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
