Ralf Hildebrandt:
> I'm trying out postscreen. No unexpected explosions so far.
>
> Question:
>
> Jun 16 16:38:48 mail-ausfall postfix/postscreen[22745]: PREGREET 20 after
> 0.52 from 222.124.4.14: HELO dmx1.bfi0.com??
>
> The client 222.124.4.14 sent "HELO dmx1.bfi0.com??" 0.52s after the
> connection was established. But what does the "20" signify?
postscreen is a single process that "screens" all inbound SMTP
connections. Like OpenBSD spamd, it makes the decision whether or
not an SMTP client is allowed to talk to a real SMTP server at all.
This is an attempt to lessen the impact of zombies on Postfix
performance.
The idea is to do PREGREET and other time-consuming tests on clients
when they connect for the first time. Clients that are "not known
to be bad" will be excluded from these time-consuming tests for
several weeks. Their connections are immediately forwarded (NOT:
proxied) to a real Postfix SMTP server. This keeps the performance
good.
In the above example, the SMTP client sent a 20-byte HELO command
before it was allowed to speak. The ?? is a almost certainly a
neutralized <CR><LF>.
The program changes by the day as time permits, which is not a lot.
Right now I am using it to gather information on what clients are
doing without messing up my Postfix SMTPD processes.
Early results indicate that 1/3 of all the "new" hosts is a
pre-greeter, at least with my own porcupine.org mail server.
I may report more at the Berlin mailserver conference.
Wietse
