You might want to have a look at fail2ban. It monitors log files and blocks
the offender by inserting an iptables DROP entry.
I block a lot of spammers this way. I wouldn't think of running a mail server
without it.
Bill
On 2/4/2016 4:10 PM, Inteq Solution - Dep. Tehnic wrote:
Thank you Wietse,
450 it is then.
Razvan Constantin
-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Thursday, February 04, 2016 11:06 PM
To: Postfix users
Subject: Re: Change Temporary failure in name resolution response code
Inteq Solution - Dep. Tehnic:
"The unknown_client_reject_code parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in case
the
address->name or name->address lookup failed due to a temporary problem."
But is there a way to change this behaviour to 550/554?
No. You would lose mail whenever DNS times out, and that would be worse than
having some client retry repeatedly. Unless you are running Postfix in a
very limited environment, repeated retries from one system should not be a
problem.
This situation is not exactly temporary and it is happening for over a
month. I could just forget about it, but this server's retry is very
very low.
Postfix considers timeouts as a temporary error. Handling them as a hard
error would do more harm than good. But I repeat myself.
Wietse
