li...@rhsoft.net:
> * i can't find how to enable "deep protocol tests" at all
> in the the docs while it is mentioned often
> http://www.postfix.org/POSTSCREEN_README.html#after_220 explains
> what it does and that it is disabled by default but not how
> to enable it
QUOTE from POSTSCREEN_README:
Tests after the 220 SMTP server greeting
In this phase of the protocol, postscreen(8) implements a number
of "deep protocol" tests. These tests use an SMTP protocol
engine that is built into the postscreen(8) server.
[limitations, such as mail delivery delays because the client
has to hang up and reconnect]
The following "after 220 greeting" tests are available:
* Command pipelining test
* Non-SMTP command test
* Bare newline test
* When tests fail after the 220 SMTP server greeting
I guess that clarifies what the "deep protocol" tests are.
The idea to avoid the above mail delays is to give postscreen
multiple IP addresses, in the hope that a remote SMTP client will
reconnect immediately to an alternate MX address on the same
postscreen instance.
I have run postscreen that way, but after some time I disabled the
deep protocol tests because they just aren't worth the trouble,
given the traffic that reaches my server.
Wietse
