On 17 Jun 2015, at 22:07, PGNd wrote:
> > postscreen is one layer in a multi-layer defense. It does not have
> > to stop all unwanted email. That is what the other layers are for.
>
> Certainly. That does not warrant blindly stacking layers upon one
> another simply because one can.
> There are certainly layers that postscreen clearly renders marginal
> (DNSBL checks in SA postqueue).
> Others like fail2ban, I'm simply not sure as yet.

It varies from site to site, but if you have the wrong sort of target
domains you can see things like Cutwail spambots making hundreds of
near-simultaneous connections, fast-talking ("EHLO ylmf-pc" is the
signature) and causing spectacular log explosions. The sheer connection
rate of such bots can amount to a brief DoS, depending on your links and
hardware heft. For reasons that I cannot explain, about 10% of Cutwail
bots survive for months at a time and will come back to you a few hours
to a few days later with a repeat performance. It's not hard for
postscreen to keep Cutwail away from smtpd, but doing so isn't without
cost. A tool like fail2ban may not be able to act fast enough to cut off
the first attack from bots acting like Cutwail, but if configured sanely
(90 days ban for fast-talkers) it can help a great deal.
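
The kind of log matching a fail2ban-style tool would do for the fast-talkers described above, as an added example that is not part of the original message. It assumes postscreen's documented `PREGREET` log line format; the burst threshold and window are hypothetical values, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# postscreen logs a client that talks before the greeting banner as:
#   PREGREET <bytes> after <secs> from [<ip>]:<port>: <text>
PREGREET = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/postscreen\[\d+\]: "
    r"PREGREET \d+ after [\d.]+ from \[(?P<ip>[^\]]+)\]:\d+: (?P<text>.*)$"
)
BAN_SECONDS = 90 * 24 * 3600     # the 90-day ban suggested in the message
BURST = 3                        # assumed: pregreets per window that count as a burst
WINDOW = timedelta(seconds=10)   # assumed window length

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = r"""
Jun 17 22:07:01 mx1 postfix/postscreen[4242]: CONNECT from [192.0.2.10]:40112 to [198.51.100.25]:25
Jun 17 22:07:01 mx1 postfix/postscreen[4242]: PREGREET 14 after 0.05 from [192.0.2.10]:40112: EHLO ylmf-pc\r\n
Jun 17 22:07:02 mx1 postfix/postscreen[4242]: PREGREET 23 after 0.04 from [203.0.113.7]:51001: EHLO mail.example.net\r\n
Jun 17 22:07:03 mx1 postfix/postscreen[4242]: PREGREET 23 after 0.04 from [203.0.113.7]:51002: EHLO mail.example.net\r\n
Jun 17 22:07:04 mx1 postfix/postscreen[4242]: PREGREET 23 after 0.03 from [203.0.113.7]:51003: EHLO mail.example.net\r\n
Jun 17 22:09:30 mx1 postfix/postscreen[4242]: PREGREET 19 after 0.30 from [198.51.100.77]:33000: HELO host.example\r\n
"""

def ban_candidates(log_text, year=2015):
    """Return {ip: reason} for clients that merit the long ban."""
    seen = defaultdict(list)     # ip -> timestamps of its PREGREET events
    reasons = {}
    for line in log_text.splitlines():
        m = PREGREET.match(line.strip())
        if not m:
            continue             # CONNECT and other lines are ignored
        ip = m["ip"]
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["text"].startswith("EHLO ylmf-pc"):
            reasons[ip] = "ylmf-pc greeting"
        seen[ip].append(when)
        if sum(1 for t in seen[ip] if when - t <= WINDOW) >= BURST:
            reasons.setdefault(ip, "pregreet burst")
    return reasons

if __name__ == "__main__":
    for ip, why in ban_candidates(SAMPLE_LOG).items():
        print(f"{ip} bantime={BAN_SECONDS}s reason={why}")
```

A single early talker (the last sample line) is left alone; only the signature greeting or a burst from one address produces a candidate.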