Postscreen is a single Postfix 2.8 daemon that keeps spambots away from Postfix SMTP server processes, so that more Postfix server resources remain available for handling mail. It will hopefully become part of the next stable Postfix release.
After adding DNSBL weights and filters two weeks ago, I rewrote the remainder of postscreen in the past 1+ week, and spent the past several days updating documentation so that people can actually use this thing. The re-born postscreen has been running on several sites since the beginning of the weekend. Postscreen now has a built-in SMTP protocol engine that allows it to log the helo/sender/recipient of rejected mail. With a few good DNSBL lists, this can dramatically reduce the load on Postfix SMTP servers (blocking mail without logging is not an option for everyone). One cautionary note: postscreen is meant to handle mail from MTAs not end-user clients. Its protocol tests are safe for properly- implemented MTAs, but they have not been tested with end-user systems. Of course end-user systems should connect to the submission port, not the port 25 that postscreen listens on... See http://www.porcupine.org/postfix-mirror/POSTSCREEN_README.html for an overview, configuration information and more. The last code drop was postfix-2.8-20100913, which is the same code as snapshot 20100912, but with a bunch of minor documentation fixes. Be sure to review the RELEASE_NOTES file if you are upgrading from an older postscreen version - the DNSBL implementation now reveals the DNSBL domain name in SMTP replies, so it needs to be censored to avoid disclosing ZEN etc. passwords. Wietse
