On Friday, April 8, 2011, Stan Hoeppner <s...@hardwarefreak.com> wrote:
> email builder put forth on 4/8/2011 10:14 PM:
>> Hello,
>>
>> I'm thinking about trying the example suggested in the documentation for
>> "sleep":
>>
>>
>> /etc/postfix/main.cf:
>> smtpd_client_restrictions =
>>         sleep 1, reject_unauth_pipelining
>> smtpd_delay_reject = no
>
> To achieve what goal?  Stopping bot spam?  There are much better methods
> available today.
>
>> In general, I try to order smtpd_*_restrictions with the least costly first, so
>
> Good habit.
>
>> this would be an exception.  Has "sleep" been shown to:
>>
>>   * be effective?
>>   * cause performance issues?
>>   * cause any delivery problems?
>
> AIUI, this will delay every smtpd connection by 1 second.  Since each
> smtpd process can only process one transaction at a time, on a busy
> server you'll end up with lots of smtpd processes eating resources, and
> possibly mail delays if you reach the process limit of 100--incoming
> connections must wait for an smtpd to become available.  As to the
> effectiveness of sleep in combating bot spam, I have no idea as I've
> never tried it.
>
>> Or is this merely a poor-man's greylisting?
>
> In essence, yes.
>
>> Am I better off with a policy
>> server that can selectively implement a greylisting delay?
>
> No, you're better off using postscreen and/or
> http://www.hardwarefreak.com/fqrdns.pcre instead of greylisting, which
> has its own set of performance and resource problems.
>
>> I'm using version 2.3.3
>
> You *need* to upgrade.  2.3.3 is ancient and no longer supported.  You
> need 2.8 to get access to postscreen.  fqrdns.pcre will work with any
> version containing pcre support.  I'm making an educated guess that
> you're using CentOS 5.5.  I believe the following is a binary rpm for
> rhel5 x86-64 (CentOS 5), which should be the package you need assuming
> you're running 64bit CentOS.
>
> http://ftp.wl0.org/official/2.8/RPMS-rhel5-x86_64/postfix-2.8.2-1.rhel5.x86_64.rpm
>
> This rpm is labeled "experimental" by Simon likely simply because it
> hasn't seen wide use yet.  If you want 2.8 and postscreen, this is
> likely the quickest way to get there.  Or you can download the source
> from postfix.org and build it yourself.

If you don't have a 64-bit system and/or want to upgrade using the
Postfix source, very easy instructions are here:

http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/

SteveJ
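
An added example, not part of the original thread: one way to answer the "effective?" question for the quoted "sleep 1, reject_unauth_pipelining" setup is to measure how many connections it rejects in the mail log. The log lines below are constructed, and the function name and the exact reject text are assumptions to check against your own log.

```python
import re
from collections import Counter

# Constructed sample smtpd log lines (documentation address ranges only).
# Assumption: rejects at the client stage are logged in this form.
SAMPLE_LOG = """\
Apr  9 03:14:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr  9 03:14:02 mx postfix/smtpd[2101]: NOQUEUE: reject: CONNECT from unknown[192.0.2.10]: 503 5.5.0 <unknown[192.0.2.10]>: Client host rejected: Improper use of SMTP command pipelining; proto=SMTP
Apr  9 03:14:02 mx postfix/smtpd[2101]: disconnect from unknown[192.0.2.10]
Apr  9 03:14:05 mx postfix/smtpd[2102]: connect from mail.example.org[198.51.100.7]
Apr  9 03:14:07 mx postfix/smtpd[2102]: disconnect from mail.example.org[198.51.100.7]
Apr  9 03:15:11 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr  9 03:15:12 mx postfix/smtpd[2101]: NOQUEUE: reject: CONNECT from unknown[192.0.2.10]: 503 5.5.0 <unknown[192.0.2.10]>: Client host rejected: Improper use of SMTP command pipelining; proto=SMTP
Apr  9 03:16:40 mx postfix/smtpd[2103]: connect from unknown[2001:db8::25]
Apr  9 03:16:41 mx postfix/smtpd[2103]: NOQUEUE: reject: CONNECT from unknown[2001:db8::25]: 503 5.5.0 <unknown[2001:db8::25]>: Client host rejected: Improper use of SMTP command pipelining; proto=SMTP
Apr  9 03:17:02 mx postfix/smtpd[2104]: connect from mail.example.net[203.0.113.5]
Apr  9 03:17:04 mx postfix/smtpd[2104]: disconnect from mail.example.net[203.0.113.5]
"""

# Anchoring on "]: connect from" keeps "disconnect from" lines from being
# counted as new connections.
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([^\]]+)\]")
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: CONNECT from \S+\[([^\]]+)\]: "
    r".*Improper use of SMTP command pipelining"
)

def pipelining_report(log_text):
    """Count connections and pre-greeting pipelining rejects per client IP."""
    connects, rejects = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rejects[m.group(1)] += 1
            continue
        m = CONNECT_RE.search(line)
        if m:
            connects[m.group(1)] += 1
    total, rejected = sum(connects.values()), sum(rejects.values())
    return {
        "connections": total,
        "rejected": rejected,
        "reject_ratio": rejected / total if total else 0.0,
        "by_client": dict(rejects),
    }

if __name__ == "__main__":
    print(pipelining_report(SAMPLE_LOG))
```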
