Paul Cartwright put forth on 12/7/2010 2:56 PM: > On 12/07/2010 02:30 PM, Stan Hoeppner wrote: >> Everyone's mileage varies. If you're having good results with Postgrey >> you should try the fqrdns.pcre file that I recommended in the thread you >> replied to. You'll likely see very quickly why greylisting is redundant >> while using that file. > > I downloaded that file, fqrdns.pcre & added it to main.cf > > I looked up the HOW-TO on this, and see where it is added to main.cf ( I > did), but I don't see any output/error for this, how do you monitor its > useage ? would it just give you a log entry in /var/log/maillog?
I just added installation/usage instructions to the top of the file yesterday. As mouss stated, you'll see an entry in your mail log file with detailed optional text, usually identifying the ISP by name. Pflogsumm or logwatch can help you easily see what's going on with Postfix by creating log summaries and statistics. > this is what I added: > smtpd_recipient_restrictions = permit_mynetworks > permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client > dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender > dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org, > reject_unknown_sender_domain,reject_unknown_recipient_domain, > reject_non_fqdn_sender, > reject_non_fqdn_recipient,check_reverse_client_hostname_access > pcre:/etc/postfix/fqrdns.pcre You should have check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre as the _first_ entry after reject_unauth_destination. Why perform all of those expensive DNS lookups if they aren't going to fire, and then search a 1600 line PCRE table which takes a tenth of a second? Always implement the least costly parameters first, the most costly last. The exception to this rule is correct order processing of whitelists. They can be more expensive, but they have to go at the top of the order. Keep in mind the parameter you're using only works in Postfix 2.6 or later. If you're on 2.5 or earlier, you need to use check_client_access pcre:/etc/postfix/fqrdns.pcre instead. -- Stan
