On 1/21/2011 12:41 PM, Wietse Venema wrote:
Jerrale G:
I explained why it is needed, as the bare_newline is a good idea and the
same principal we used about 4 years ago, before we moved to postfix. it
is to deter bottlers, on the idea that bottlers and spammers with non
rfc-complian smtp bots only try to connect one time. However, a small
With postscreen, if the bot fails the bare newline test, it will
never be able to deliver mail to Postfix. So, that problem is
solved.
I thought they got an unlimited ammount of attempts; we remedied that
with having our firewall system to catch the same ip, trying to get more
than 5 non-newline connect attempts, to be banned, added to dronebl as a
spammer, and banned from our smtpd in iptables. I guess we'll never see
that trip any alarms if they dont get unlimited attempts to properly
greet the postscreen bare newline.
So, instead of the new config parameters I suggested in the first post,
how about postscreen_bare_newline_attemps = 5, or 0 for unlimited :)
Thanks for the help on both posts Wietse and thanks Noel!
Jerrale G.
SC Senior Admin
