email builder put forth on 4/8/2011 10:14 PM: > Hello, > > I'm thinking about trying the example suggested in the documentation for > "sleep": > > > /etc/postfix/main.cf: > smtpd_client_restrictions = > sleep 1, reject_unauth_pipelining > smtpd_delay_reject = no
To achieve what goal? Stopping bot spam? There are much better methods available today. > In general, I try to order smtpd_*_restrictions with the least costly first, > so Good habit. > this would be an exception. Has "sleep" shown to be: > > * effective? > * cause performance issues? > * cause any delivery problems? AIUI, this will delay every smtpd connection by 1 second. Since each smtpd process can only process one transaction at a time, on a busy server you'll end up with lots of smtpd processes eating resources, and possibly mail delays if you reach the process limit of 100--incoming connections must wait for an smtpd to become available. As to the effectiveness of sleep in combating bot spam, I have no idea as I've never tried it. > Or is this merely a poor-man's greylisting? In essence, yes. > Am I better off with a policy > server that can selectively implement a greylisting delay? No, you're better off using postscreen and or http://www.hardwarefreak.com/fqrdns.pcre instead of greylisting, which has its own set of performance and resource problems. > I'm using version 2.3.3 You *need* to upgrade. 2.3.3 is ancient and no longer supported. You need 2.8 to get access to postscreen. fqrdns.pcre will work with any version containing pcre support. I'm making an educated guess that you're using CentOS 5.5. I believe the following is a binary rpm for rhel5 x86-64 (CentOS 5), which should be the package you need assuming you're running 64bit CentOS. http://ftp.wl0.org/official/2.8/RPMS-rhel5-x86_64/postfix-2.8.2-1.rhel5.x86_64.rpm This rpm is labeled "experimental" by Simon likely simply because it hasn't seen wide use yet. If you want 2.8 and postscreen, this is likely the quickest way to get there. Or you can download the source from postfix.org and build it yourself. -- Stan
