Wietse Venema wrote:
> Postfix snapshot 20091008 includes an updated version of the
> postscreen daemon. This means it is no longer limited to the
> non-production releases.
>
Nice!
There is a cool feature on OpenBSD's spamd that makes zombies suffer a lot:
    -S secs   Stutter at greylisted connections for the specified amount of
              seconds, after which the connection is not stuttered at.
              The default is 10; maximum is 90.
    -s secs   Delay each character sent to the client by the specified amount
              of seconds. The default is 1; maximum is 10.
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8
Discarding the greylist feature, sending data very slowly makes zombies
suffer and does not eat our bandwidth.
1) Wait X seconds to send the pre-greeting to detect out of order commands
2) If the client has waited accordingly, optionally, send another
"220-text..." greeting line but slowly, like spamd does.
3) If the client is still there, whitelist it for a day.
Another suggestion: raise the default postscreen_greet_wait from 4 to 10
seconds, or even 15 or 20. I've been using smtpd_error_sleep_time=30s
and so far I had no problems for years and it is very effective keeping
dictionary floods away.
With a setup like this I believe greylisting is not that relevant any more.
Great work.
Miguel
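The three-step screening proposed in the message above, sketched as an added example (not part of the original post, and not Postfix or spamd code). The banner text, the in-memory whitelist and the names screen, listen and simulate are assumptions made for illustration.

```python
import asyncio, time

WHITELIST = {}           # client IP -> expiry time (in-memory, for the demo only)
WHITELIST_TTL = 86400    # step 3: whitelist for a day
TEASER = b"220-mail.example.test\r\n"   # constructed banner text
SLOW_LINE = b"220-please wait\r\n"      # step 2 line, sent one byte at a time

async def listen(reader, secs):
    """Wait up to secs for input: None = silent, b'' = hung up, else early data."""
    try:
        return await asyncio.wait_for(reader.read(1), timeout=secs)
    except asyncio.TimeoutError:
        return None

async def screen(ip, reader, writer, greet_wait=4.0, char_delay=1.0):
    """Classify one connection as 'whitelisted', 'pass', 'pregreet' or 'gone'."""
    if WHITELIST.get(ip, 0) > time.time():
        return "whitelisted"                 # passed within the last day: no delay
    pauses = [(TEASER, greet_wait)]          # step 1: teaser, then a long silence
    pauses += [(bytes([b]), char_delay) for b in SLOW_LINE]   # step 2: stutter
    for chunk, pause in pauses:
        writer.write(chunk)
        await writer.drain()
        heard = await listen(reader, pause)  # each delay doubles as a listening window
        if heard is not None:
            # Any byte before the greeting ends is an out-of-order command.
            return "pregreet" if heard else "gone"
    WHITELIST[ip] = time.time() + WHITELIST_TTL   # step 3
    return "pass"                            # caller hands off to the real SMTP server

async def simulate(ip, early=b"", hang_up=False):
    """Drive screen() with an in-memory client (constructed input, no sockets)."""
    reader, sent = asyncio.StreamReader(), bytearray()
    if early:
        reader.feed_data(early)              # client that talks before the greeting
    if hang_up:
        reader.feed_eof()                    # client that drops the connection
    class Writer:                            # minimal stand-in for asyncio.StreamWriter
        def write(self, data): sent.extend(data)
        async def drain(self): pass
    verdict = await screen(ip, reader, Writer(), greet_wait=0.05, char_delay=0.001)
    return verdict, bytes(sent)
```

Because only one small chunk is written per pause, a stalled client costs the server almost no bandwidth while it waits.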
