Am 02.09.2014 um 21:51 schrieb Wietse Venema: > li...@rhsoft.net: >> * i can't find how to enable "deep protocol tests" at all >> in the the docs while it is mentioned often >> http://www.postfix.org/POSTSCREEN_README.html#after_220 explains >> what it does and that it is disabled by default but not how >> to enable it > > QUOTE from POSTSCREEN_README: > > Tests after the 220 SMTP server greeting > > In this phase of the protocol, postscreen(8) implements a number > of "deep protocol" tests. These tests use an SMTP protocol > engine that is built into the postscreen(8) server. > > [limitations, such as mail delivery delays because the client > has to hang up and reconnect] > > The following "after 220 greeting" tests are available: > > * Command pipelining test > * Non-SMTP command test > * Bare newline test > * When tests fail after the 220 SMTP server greeting > > I guess that clarifies what the "deep protocol" tests are.
yes, i linked that myself, i know what they are but it does *not* explain how to enable them :-) > The idea to avoid the above mail delays is to give postscreen > multiple IP addresses, in the hope that a remote SMTP client will > reconnect immediately to an alternate MX address on the same > postscreen instance. > > I have run postscreen that way, but after some time I disabled the > deep protocol tests because they just aren't worth the trouble, > given the traffic that reaches my server anyways, i just decided to stay at the follwing config and add a backup-MX record to that non-whitelist-IP, that should kill zombies try *only* on the backup MX or at least make mor burden for them and as i see new clients on the primary MX are still deliver mail fine without a 450 error at the first contect - IMHO a good and cheap compromise postscreen_greet_action = enforce postscreen_whitelist_interfaces = !<backup-mx-ip>, static:all BTW: did you hear often enough that postscreen with RBL weights is the most perfect solution anybody ever implemented to keep most load away from expensive filters and avoid false positives because a error on one list?
