Claus R. Wickinghoff:
> Dec 13 09:06:27 mole postfix/postscreen[1729]: PASS NEW
> [45.146.203.135]:60433

[client gets 450 from after-220 tests]

> Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD
> [45.146.203.135]:49121

...

> The problem is: The system starts delivering spam and in the moment it
> connects to my server for the first time, only one blacklist has it on
> the radar. But due to the cache (PASS OLD) it can now deliver as much
> spam as it likes to my server.

Obviously, postscreen cannot predict the future, that is why all
its cached results have a configurable expiration time.

    postscreen_bare_newline_ttl = 30d
    postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
    postscreen_dnsbl_min_ttl = 60s
    postscreen_greet_ttl = 1d
    postscreen_non_smtp_command_ttl = 30d
    postscreen_pipelining_ttl = 30d

You could try to use some combination of more postscreen DNSBLs and a
shorter postscreen_dnsbl_max_ttl. BTW many DNSBLs specify a shorter
TTL than 1H and postscreen will use their TTL instead (but
postscreen_dnsbl_min_ttl takes precedence).

None of this would "fix" your "problem" if a client reconnects in
less time than the DNSBL TTL.

That is the whole point of postscreen: it does not HAVE to stop all
spambots, just most of them. It is perfectly OK to handle the
remaining spam with content-based methods.

    Wietse
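
The TTL rule described in the reply, applied to the two quoted log lines. This is an added example, not part of the thread and not Postfix code. The function names, the single reply TTL per client, and the placeholder year are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two log lines quoted in the thread.
SAMPLE_LOG = """\
Dec 13 09:06:27 mole postfix/postscreen[1729]: PASS NEW [45.146.203.135]:60433
Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD [45.146.203.135]:49121
"""

PASS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/postscreen\[\d+\]: "
    r"PASS (?P<kind>NEW|OLD) \[(?P<ip>[^\]]+)\]:\d+"
)


def effective_dnsbl_ttl(reply_ttl, min_ttl=60, max_ttl=3600):
    """Cache lifetime in seconds: the DNSBL reply TTL, capped by
    postscreen_dnsbl_max_ttl, but never below postscreen_dnsbl_min_ttl."""
    return max(min_ttl, min(reply_ttl, max_ttl))


def cached_passes(log_text, reply_ttl, min_ttl=60, max_ttl=3600, year=2000):
    """For each PASS OLD line return (ip, seconds since PASS NEW, still_cached).

    Assumption: the DNSBL result was cached at the client's PASS NEW time.
    Syslog lines carry no year, so `year` is only a placeholder for parsing.
    """
    ttl = effective_dnsbl_ttl(reply_ttl, min_ttl, max_ttl)
    first_pass = {}
    results = []
    for line in log_text.splitlines():
        m = PASS_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["kind"] == "NEW":
            first_pass[m["ip"]] = when
        elif m["ip"] in first_pass:
            gap = int((when - first_pass[m["ip"]]).total_seconds())
            results.append((m["ip"], gap, gap < ttl))
    return results


if __name__ == "__main__":
    for max_ttl in (3600, 300):  # 1h default vs. a shorter 5 minute cap
        for ip, gap, cached in cached_passes(SAMPLE_LOG, 3600, max_ttl=max_ttl):
            state = "served from cache" if cached else "DNSBL lookup repeated"
            print(f"max_ttl={max_ttl}s {ip} reconnect after {gap}s: {state}")
```

With the 1h default the 10 minute reconnect falls inside the cache window; a 5 minute cap would have forced a fresh DNSBL lookup, but a client that reconnects within the cap is still served from cache.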