* Wietse Venema <wie...@porcupine.org>: > postscreen is a single process that "screens" all inbound SMTP > connections. Like OpenBSD spamd, it makes the decision whether or not > an SMTP client is allowed to talk to a real SMTP server at all. This is > an attempt to lessen the impact of zombies on Postfix performance.
Let's see how it goes. Maybe it flattens some spikes. > The idea is to do PREGREET and other time-consuming tests on clients > when they connect for the first time. Clients that are "not known to > be bad" will be excluded from these time-consuming tests for several > weeks. Their connections are immediately forwarded (NOT: proxied) to a > real Postfix SMTP server. This keeps the performance good. Makes sense. > In the above example, the SMTP client sent a 20-byte HELO command > before it was allowed to speak. The ?? is a almost certainly a > neutralized <CR><LF>. Yes, all the HELO strings have a "??" at the end. > The program changes by the day as time permits, which is not a lot. > Right now I am using it to gather information on what clients are > doing without messing up my Postfix SMTPD processes. :) > Early results indicate that 1/3 of all the "new" hosts is a > pre-greeter, at least with my own porcupine.org mail server. > I may report more at the Berlin mailserver conference. I'm collecting data at python.org and here... -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.computerbeschimpfung.de Wenn die Leute mit dem Logfile die IT-Kompetenz von einem Kilo Torfmoos an den Tag legen, ist dem Anschein nach davon auszugehen, dass sie schlicht nicht faehig sind, die Logfiles entsprechend zu verfaelschen. Bei Microsoft Exchange Admins ist das bezueglich SMTP u.ae. leider des Oefteren der Fall. (Ja, es gibt viele Ausnahmen, aber wer Kompetenz im Bezug auf E-Mail besitzt, setzt Exchange nicht direkt am Internet ein.)
