li...@rhsoft.net:
> Hi
>
> are there some data which value is acceptable for
> "postscreen_greet_wait" to not end in legit SMTP servers give up and try
> again later?
I would not recommend more than the 6-second default. Legitimate
mailing lists may operate with reduced time limits, and if a client
hangs up before postscreen_greet_wait completes, then they will
never be added to the postscreen whitelist, and therefore they will
never get a chance to deliver mail.
Wietse
> we see a massive botnet starting with around Dec/27 and daily deliveriy
> attempts rasied from 5000 to 50000 - previously i had 10 seconds and 3
> in case of stress - after raise it for testing to 20 seconds i see *a
> lot * more HANGUP logmessages and so that connections ends in no success
> even if they would pass RBL's if the only would wait
>
> cat maillog | grep HANGUP | grep "Jan 7" | wc -l
> 9883
>
> cat maillog | grep HANGUP | grep "Jan 7 22" | wc -l
> 599
>
