Thanks for your comments
I am currently trying
postscreen_cache_retention_time = 1d
postscreen_non_smtp_command_ttl = 1d
postscreen_bare_newline_ttl = 1d
postscreen_pipelining_ttl = 1d
FWIW I am also using the "deep protocol tests as a form of grey-listing
Allen C
On 23/08/17 13:24, Wietse Venema wrote:
> Allen Coates:
>> Is there any way of reducing the TTL of the postscreen temporary whitelist?
>
> As of Postfix 3.1, these are the defaults:
>
> postscreen_bare_newline_ttl = 30d
> postscreen_dnsbl_max_ttl =
> ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
> postscreen_dnsbl_min_ttl = 60s
> postscreen_greet_ttl = 1d
> postscreen_non_smtp_command_ttl = 30d
> postscreen_pipelining_ttl = 30d
>
> Earlier versions have postscreen_dnsbl_ttl instead of
> postscreen_dnsbl_max_ttl,
> and they don't have postscreen_dnsbl_min_ttl.
>
>> I am having problems with spammers repeatedly getting through postscreen
>> with a "PASS OLD" result.
>>
>> While I can't stop them trying, at least I can cost them time by making
>> them run the full postscreen gauntlet more frequently...
>
> The postscreen_dnsbl(_max)_ttl setting should fix that.
>
> Wietse
>
