2012/2/10 Ralf Hildebrandt <ralf.hildebra...@charite.de>: > * Chris <xchris...@googlemail.com>: > >> > The "deep inspection" and postscreen isn't enabled as well (I think) >> >> You mean the "deep protocol tests"? > > The stuff with the "deep" in it, yes > >> Can I disable these "deep protocol tests" in postscreen? > > By default they're not enabled :) according to > http://www.postfix.org/POSTSCREEN_README.html#after_220 > which you already quoted. > > They are being enabled like this: > > * Command pipelining test > postscreen_pipelining_enable = yes > > * Non-SMTP command test > postscreen_non_smtp_command_enable = yes > > * Bare newline test > postscreen_bare_newline_enable = yes > > The defaults are: > > mail:~# postconf -d|egrep postscreen_.*_enable > postscreen_bare_newline_enable = no > postscreen_non_smtp_command_enable = no > postscreen_pipelining_enable = no
I've disabled these deep protocol tests now... Now everything should be okay. [root@mx04 ~]# postconf -n | grep postscreen postscreen_access_list = permit_mynetworks postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = ix.dnsbl.manitu.net, zen.spamhaus.org, b.barracudacentral.org, list.dnswl.org*-2 postscreen_dnsbl_threshold = 1 postscreen_greet_action = drop With this configuration, it should be no 4xx error for new IPs? Thank you for your help. -- Chris
