On 7/7/2017 4:34 PM, techlist06 wrote: > I'm working on converting to using postscreen. Studying the details. I > have a question from the docs related to the delays due to the effective > greylisting caused by "Tests after the 220 SMTP server greeting". I believe > my server would qualify as a small site receiving mail for just a few > hundred users. > > Snippet from the Howto: > " The following measures may help to avoid email delays: Small sites: > Configure postscreen(8) to listen on multiple IP addresses, published in DNS > as different IP addresses for the same MX hostname or for different MX > hostnames. This avoids mail delivery delays with clients that reconnect > immediately from the same IP address. > > Can someone help me understand why this helps? If I add an IP to the server > and configure it as a second instance of the MX hostname, how does that help > with a server that may reconnect from a different IP? I though tthat if it > reconnected immediately from the same IP, that would be a good thing. Or > maybe I misunderstood "immediately". I took it to mean immediately after > getting a 4xx response and drop. I assume this doesn't do anything to help > with servers like Google that will connect from a different server? > > Anyway, I'd apprecaite it if someone could elaboate so I understand this > detail. > > Thank you, Scott > > > >
Using multiple MX hosts doesn't help with sites that retry from a different IP. To automatically handle many of those sites, use list.dnswl.org in your list of postscreen_dnsbl_sites with a negative value, and postscreen_dnsbl_whitelist_threshold = -1. Listed mailers will then skip the after 220 tests completely with no further action on your part. http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold https://www.dnswl.org/ Simple example: # main.cf postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1 postscreen_dnsbl_threshold = 1 postscreen_dnsbl_whitelist_threshold = -1 There's also the postwhite project, which populates the postscreen access list with known MTAs from large providers by mining their SPF records. https://github.com/stevejenkins/postwhite -- Noel Jones
