Lefteris Tsintjelis:
> On 25/12/2021 17:55, Wietse Venema wrote:
> >
> > Use fail2ban etc. to lock out bad clients, whether they fail SASL
> > requirements, rate limit requirements, or other requirements.
>
> I used to do it with fail2ban for a while and still use it in some cases
> but I wanted something in-house more permanent and more efficient with
> better and larger IP handling capabilities so I switched to a local RBL
> with delay rejects off (even though I wanted the extra info when on) to
> reject everything as early and fast and accurate as possible.
Depends on what you mean with "accurate".
- With smtpd_delay_reject=yes, Postfix logs the client, helo, sender,
and recipient.
- With smtpd_delay_reject=no, Postfix will log a DNSBL 'reject' in
smtpd_client_restrictions without any sender or recipient information.
That makes it difficult to answer questions about "missing" email.
Wietse
