Hi, >> - Is PREGREET always a sign of a zombie connection or misconfigured >> client, or is it possible for properly configured clients to also >> speak before their turn? > > It's safe. The only drawback is the pain of delaying mail.
So you would recommend blacklist, greet, and dnsbl be safely set to drop? postscreen_dnsbl_threshold = 2 postscreen_dnsbl_action = drop postscreen_greet_action = drop postscreen_blacklist_action = drop What is the benefit to enforce allowing the other tests to complete? It is just for the benefit of the logging info? >> - Is something like this pregreet enough to reject the client and >> blacklist them? >> Nov 19 23:45:06 mail02 postfix/postscreen[12487]: PREGREET 16 >> after 0.36 from [113.177.86.240]:1974: HELO localhost\r\n > > Pregreet traffic and "HELO localhost" are each very strong spam signs. > In fact I believe that CBL (which is part of Zen) lists "HELO > localhost" clients. Yes, and perhaps acts as a CBL list of its own? >> - I don't fully understand the "MX Policy test" section of the >> HOWTO. How do I configure postscreen to listen on both the primary >> and backup MX addresses? Is this referring to create a virtual >> interface for the backup MX on the actual primary server? So there >> would be two IPs for the backup MX host? > > You bind another IP address on the interface of the default route. > This is not a "virtual interface", this is merely another IP address > bound on the same host. "dig slackbuilds.org. mx", this is mine. .211 > is the primary, .214 secondary. .214 is excepted from > postscreen_whitelist_interfaces. See > postconf.5.html#postscreen_whitelist_interfaces for syntax. Okay, I'm only using postfix-v2.8 now, but this has to work with DNS to create an MX on this address too, then, correct? I think that's the part I didn't understand. >> Could one of these options have caused this error below? If not, >> any idea how this could have happened? Will clients resend, or >> have I lost mail here and the sender notified? >> >> Nov 20 00:02:55 mail02 postfix/postscreen[20334]: NOQUEUE: reject: >> RCPT from [93.74.115.187]:64752: 450 4.3.2 Service currently >> unavailable; from=<n1e...@yahoo.com>, >> to=<mkchantal.k...@example.com>, proto=SMTP, >> helo=<server.auff.dns.yahoo.com> > > This is normal and expected. Reread POSTSCREEN_README.html#after_220 > namely, the "Important note" and following text. Okay, I think I understand. The way these are distinguished from actual rejects are the SMTP response codes, correct? This must add a significant amount to the logs. Thanks again, Alex
