Am 02.09.2014 um 20:23 schrieb Wietse Venema: > li...@rhsoft.net: >> http://postfix.1071664.n5.nabble.com/postscreen-deep-protocol-tests-without-mail-delays-td20114.html >> >> i found that remembering the original discussion but seems i am >> blind today - how do i tell postscreen to use "deep protocol tests" >> only on 192.168.196.2 but not for connections coming to the primary >> IP 192.168.196.1 of that machine? > > As documented, postscreen does not implement specific controls to > turn specific tests on/off for specific clients. You can whitelist > 192.168.196.1 with the global postscreen_access_list.
i refer to http://postfix.1071664.n5.nabble.com/postscreen-deep-protocol-tests-without-mail-delays-td20114.html * i can't find how to enable "deep protocol tests" at all in the the docs while it is mentioned often http://www.postfix.org/POSTSCREEN_README.html#after_220 explains what it does and that it is disabled by default but not how to enable it * i had not much luck with "postscreen_access_list" and ended with add the monitoring ip to "mynetworks" to solve that issue could you post an example configuration for "postscreen deep protocol tests without mail delays" and enforce "deep protocol tests" only for 192.168.196.2 without at the same time disable the default protocol tests on the first IP and so also implicitly disable "postscreen_greet_action = enforce" on it for bots not coming through the primary MX __________________________________________ another idea to use the backup-MX as trap would be postscreen_whitelist_interfaces = !168.100.189.2, static:all so no client ever makes it to smtpd on that IP and since both are the same machine no legit client ever should connect to the backup-MX
