On Aug 2, 2012, at 7:03 AM, Stan Hoeppner wrote: > On 8/2/2012 6:26 AM, Chad M Stewart wrote: >> >> On Aug 2, 2012, at 6:07 AM, Wietse Venema wrote: >> >>> Chad M Stewart: >>>> >>>> I am not understanding something correctly. I'm using postscreen >>>> and noticed that a recently connected IP had was not marked as >>>> PASS OLD but rather PASS NEW. See log entires below >>> >>> PASS NEW means there was no cache entry. Postfix does not >>> keep expired entries for eternity. >> >> Is the expired time configurable? >> >> I used to use OpenBSD's spamd (for greylisting). I recall its logic being >> that when IP was whitelisted, it remained on the whitelist for X time since >> its last connection to the host (35 days was the default I believe). In >> other words a system that connects to my mail server a lot would remain on >> the whitelist essentially indefinitely. Systems that only connect to my >> mail server every 45 days would have to go through the whitelist process >> every time. I think 35 days was selected for those once a month systems >> that send out reminders. >> >> I'd like to achieve this same behavior with postscreen, but alas looks like >> not possible. :( > > Then clearly you don't understand why postscreen even exists, nor how it > works. Postscreen is designed to stop bot spam. The other stuff bolted > on such as DNSBL support, whitelists and blacklists was due to feature > creep and most of it was not necessary. > > Postscreen imposes little delay on non-bot smtp clients, whether they're > already cached or not, unless you have deep protocol tests enabled. In
I did have deep protocol tests enabled. Combined with my not having found postscreen_cache_retention_time (or at least not remembered it). -Chad
