Ralf Hildebrandt:
> * Wietse Venema <wie...@porcupine.org>:
> 
> > postscreen is a single process that "screens" all inbound SMTP
> > connections. Like OpenBSD spamd, it makes the decision whether or not
> > an SMTP client is allowed to talk to a real SMTP server at all. This is
> > an attempt to lessen the impact of zombies on Postfix performance.
> 
> Let's see how it goes. Maybe it flattens some spikes.
>  
> > The idea is to do PREGREET and other time-consuming tests on clients
> > when they connect for the first time.  Clients that are "not known to
> > be bad" will be excluded from these time-consuming tests for several
> > weeks.  Their connections are immediately forwarded (NOT: proxied) to a
> > real Postfix SMTP server. This keeps the performance good.
> 
> Makes sense.
>  
> > In the above example, the SMTP client sent a 20-byte HELO command
> > before it was allowed to speak. The ?? is almost certainly a
> > neutralized <CR><LF>.
> 
> Yes, all the HELO strings have a "??" at the end.
>  
> > The program changes by the day as time permits, which is not a lot.
> > Right now I am using it to gather information on what clients are
> > doing without messing up my Postfix SMTPD processes.
> 
> :)
> 
> > Early results indicate that 1/3 of all the "new" hosts is a
> > pre-greeter, at least with my own porcupine.org mail server.
> > I may report more at the Berlin mailserver conference.
> 
> I'm collecting data at python.org and here...

Below is a very quick analysis script, barely above the level of
"cat < file | grep foo".  I already mentioned that there is not much
time for this.  Next on the list is to find out if clients are
listed on DNSBLs.  In the 5 seconds of pregreet delay, there is
ample time for DNS queries.

Beware, postscreen is unpolished software. It is not clever about
handling "postfix reload".  It just exits, and therefore drops
the connections that it is screening at the time.

        Wietse

#!/bin/sh

# Summarize postscreen events (unique clients / total events) from the mail log.
grep "postscreen" "${1-/var/log/maillog}" | perl -e '

# Count events per client; the "after <time>" part of a record is optional.
while (<>) {
    if (/ NEW (\S+)/) { $new{$1}++; }
    elsif (/ HANGUP (?:after \S+ )?from (\S+)/) { $hup{$1}++; }
    elsif (/ PREGREET \S+ (?:after \S+ )?from (\S+):/) { $pre{$1}++; }
}

# Add up the per-client counts; start at zero so empty categories print 0.
$new_events = $hup_events = $pre_events = 0;
for (keys %new) { $new_events += $new{$_}; }
for (keys %hup) { $hup_events += $hup{$_}; }
for (keys %pre) { $pre_events += $pre{$_}; }

printf "%6s/%-6s EVENT\n", "UNIQ", "TOTAL";
printf "%6d/%-6s PASS NEW\n", scalar(keys(%new)), $new_events;
printf "%6d/%-6s HANGUP\n", scalar(keys(%hup)), $hup_events;
printf "%6d/%-6s PREGREET\n", scalar(keys(%pre)), $pre_events;

'
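
Added example (not part of the original message, and not Postfix code): a sketch of the pregreet test described above, which holds back the greeting and classifies a client as PREGREET, HANGUP or PASS NEW. The function names, the banner and the three clients are constructed for illustration; sending the banner stands in for handing the connection to a real SMTP server.

```python
import select
import socket

GREETING = b"220 mail.example.com ESMTP\r\n"  # constructed banner (assumption)


def neutralize(data: bytes) -> str:
    """Render client bytes for logging, replacing non-printables with '?'."""
    return "".join(chr(b) if 32 <= b < 127 else "?" for b in data)


def screen(conn: socket.socket, delay: float = 5.0) -> str:
    """Withhold the greeting for `delay` seconds and classify the client.

    Returns 'PREGREET <bytes> <text>', 'HANGUP' or 'PASS NEW'.
    """
    # Anything readable before we have greeted means the client did not wait.
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        data = conn.recv(1024)
        if not data:  # zero-length read: the peer closed the connection
            return "HANGUP"
        return f"PREGREET {len(data)} {neutralize(data)}"
    conn.sendall(GREETING)  # stand-in for forwarding to the real server
    return "PASS NEW"


def demo() -> list[str]:
    """Run three constructed clients through screen() over socket pairs."""
    verdicts = []
    for behaviour in ("talks_early", "hangs_up", "waits"):
        server, client = socket.socketpair()
        with server, client:
            if behaviour == "talks_early":
                client.sendall(b"HELO a.example.com\r\n")  # 20 bytes
            elif behaviour == "hangs_up":
                client.close()
            verdicts.append(screen(server, delay=0.2))
    return verdicts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The demo uses a 0.2 second delay so it finishes quickly; the message above mentions a 5 second pregreet delay, which is the default here.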
