Mike Hay:
> Hi list,
> 
> I recently configured postscreen on my low volume mailserver and was 
> pleased to find that it should be possible to avoid de-facto greylisting 
> when doing the deep protocol tests by using a backup MX IP on the same 
> host.
> 
> After enabling this setup I found that the first client to connect did 
> not get treated as I had expected. The client connected to the primary 
> MX and got deferred, immediately went to the secondary MX and also got 
> deferred. The log snippet below suggests that whitelisting from the 
> initial connection completed after the connection to the secondary MX 
> and was therefore too late to be effective.

Postfix's deep protocol tests do not complete until the client
closes the connection. That is the whole point of the tests.  Flagging
the client as "good" before the session is closed would be a grave
mistake.

I have found that some Sendmail MTAs will make the second connection
(to backup MX) before closing the first one (to primary MX). If you
want to file a bug report, please do so for the client MTA not Postfix.

        Wietse
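
An added example, not part of the original thread: a Python script that scans postscreen log lines for the client behaviour described in the reply, where a second connection (to the backup MX address) is opened before the first session (to the primary MX address) has been closed. The log lines are constructed, the addresses come from documentation ranges, and the function name `overlapping_clients` is hypothetical.

```python
import re

# Constructed sample log lines (not from the original thread).
# Assumed layout: 198.51.100.1 = primary MX IP, 198.51.100.2 = backup MX IP.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:41000 to [198.51.100.1]:25
Mar  3 10:15:07 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:41002 to [198.51.100.2]:25
Mar  3 10:15:08 mx postfix/postscreen[1234]: PASS NEW [192.0.2.10]:41000
Mar  3 10:15:08 mx postfix/postscreen[1234]: DISCONNECT [192.0.2.10]:41000
Mar  3 10:15:13 mx postfix/postscreen[1234]: DISCONNECT [192.0.2.10]:41002
Mar  3 10:20:00 mx postfix/postscreen[1234]: CONNECT from [192.0.2.77]:52000 to [198.51.100.1]:25
Mar  3 10:20:06 mx postfix/postscreen[1234]: PASS NEW [192.0.2.77]:52000
Mar  3 10:20:06 mx postfix/postscreen[1234]: DISCONNECT [192.0.2.77]:52000
Mar  3 10:20:07 mx postfix/postscreen[1234]: CONNECT from [192.0.2.77]:52001 to [198.51.100.2]:25
"""

CONNECT = re.compile(
    r"postscreen\[\d+\]: CONNECT from \[([^\]]+)\]:(\d+) to \[([^\]]+)\]:\d+")
# PASS OLD is treated as a session end too (assumption: the connection is
# handed to smtpd, so postscreen logs no DISCONNECT for it).
CLOSE = re.compile(
    r"postscreen\[\d+\]: (?:DISCONNECT|PASS OLD) \[([^\]]+)\]:(\d+)")

def overlapping_clients(log_text):
    """Map client IP -> [(still_open_local_ip, new_local_ip), ...] for clients
    that connected to another local address before closing an earlier session."""
    open_sessions = {}  # (client_ip, client_port) -> local_ip
    overlaps = {}
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            client, port, local = m.groups()
            for (c, _), other_local in open_sessions.items():
                if c == client and other_local != local:
                    overlaps.setdefault(client, []).append((other_local, local))
            open_sessions[(client, port)] = local
            continue
        m = CLOSE.search(line)
        if m:
            open_sessions.pop((m.group(1), m.group(2)), None)
    return overlaps

if __name__ == "__main__":
    for client, pairs in overlapping_clients(SAMPLE_LOG).items():
        print(client, "opened", pairs, "before closing the earlier session")
```

In the constructed log, 192.0.2.10 is reported because its backup-MX connection starts before the primary-MX session is closed, while 192.0.2.77 closes the first session before connecting again and is not reported.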
