On 01/05/17 13:17, Simon Wilson wrote:
>
> 3. Any other ways to speed it up, or should I accept the trade-off
> between speed and accuracy of result?
>
If you can create a postscreen white-list of your "regular" remote
hosts, they will be almost instantly passed on to the mail server.
Hope this
> On May 1, 2017, at 10:28 AM, Simon Wilson wrote:
>
> Can anyone comment on the value / no value of having zen.spamhaus as an RBL
> in smtpd in addition to it being used by postscreen?
Keep both. If you have SpamAssassin doing RBL lookups, raise the
concurrency limit of the filter transport.
Viktor Dukhovni:
> On May 1, 2017, at 8:17 AM, Simon Wilson wrote:
>
> ostscreen is using (threshold 3):
>
>zen.spamhaus.org*3
>bl.mailspike.net*2
>b.barracudacentral.org*2
>bl.spameatingmonkey.net
>bl.spamcop.net
>dnsbl.sorbs.net
>hostkar
Viktor Dukhovni:
>
> > On May 1, 2017, at 8:17 AM, Simon Wilson wrote:
> >
> > ostscreen is using (threshold 3):
> >
> >zen.spamhaus.org*3
> >bl.mailspike.net*2
> >b.barracudacentral.org*2
> >bl.spameatingmonkey.net
> >bl.spamcop.net
> >dnsbl.sorb
> On May 1, 2017, at 8:17 AM, Simon Wilson wrote:
>
> ostscreen is using (threshold 3):
>
>zen.spamhaus.org*3
>bl.mailspike.net*2
>b.barracudacentral.org*2
>bl.spameatingmonkey.net
>bl.spamcop.net
>dnsbl.sorbs.net
>hostkarma.junkemailfilte
Simon Wilson:
On my new Postfix 2.10 system incoming mail is slow to process (about
15 seconds end to end), and I think it is mainly because DNS queries
are slowing things down.
The server runs local caching DNS BIND, so it's as quick as I can get
it on the slow Internet connection we are on.
A
Simon Wilson:
> On my new Postfix 2.10 system incoming mail is slow to process (about
> 15 seconds end to end), and I think it is mainly because DNS queries
> are slowing things down.
>
> The server runs local caching DNS BIND, so it's as quick as I can get
> it on the slow Internet connecti
ouis
> -Oorspronkelijk bericht-
> Van: si...@simonandkate.net
> [mailto:owner-postfix-us...@postfix.org] Namens Simon Wilson
> Verzonden: maandag 1 mei 2017 11:20
> Aan: Marco Pizzoli
> CC: Postfix users
> Onderwerp: Re: Optimising new system and postscreen question
- Message from Marco Pizzoli -
Date: Mon, 1 May 2017 11:18:30 +0200
From: Marco Pizzoli
Subject: Re: Optimising new system and postscreen questions
To: si...@simonandkate.net
Cc: Postfix users
Hello Simon,
The server runs local caching DNS BIND, so it's as
Hello Simon,
The server runs local caching DNS BIND, so it's as quick as I can get it on
> the slow Internet connection we are on.
>
I don't qualify mysef expert enough to answer the rest of your points, but
for the DNS part I suggest you think about replacing BIND with Unbound, as
the DNS resolv
- Message from Simon Wilson -
Date: Mon, 01 May 2017 18:43:41 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Optimising new system and postscreen questions
To: Postfix users
On my new Postfix 2.10 system incoming mail is slow to process
(about
On my new Postfix 2.10 system incoming mail is slow to process (about
15 seconds end to end), and I think it is mainly because DNS queries
are slowing things down.
The server runs local caching DNS BIND, so it's as quick as I can get
it on the slow Internet connection we are on.
At the mo
On 23 May 2013, at 10:49, Deeztek Support wrote:
On another topic, I had an issue the other day where an outside sender
was trying to send e-mail to an internal recipient and their e-mail
was getting
delayed due to a DNS issue on their end. The exact error was:
(Host or domain name not found.
On 5/23/2013 10:23 AM, Wietse Venema wrote:
> Deeztek Support:
>> On another topic, I had an issue the other day where an outside
>> sender was trying to send e-mail to an internal recipient and their
>> e-mail was getting delayed due to a DNS issue on their end. The
>> exact error was:
>>
>> (Host
On 22 May 2013, at 14:33 , Stan Hoeppner wrote:
> I'll make an educated guess that many folks here have configured
> postscreen simply because it was/is "the new thing", without considering
> whether they -needed- it or not. Many have run into the same address
> based whitelisting problem mentio
Deeztek Support:
> > Manual whitelisting.
>
> > /etc/postfix/main.cf:
> >smtpd_recipient_restrictions =
> >...
> >reject_unauth_destination
> >check_sender_access hash:/etc/postfix/sender_access
> >reject_unknown_sender_domain
>
> > /etc/postfix/sender_access:
> Manual whitelisting.
> /etc/postfix/main.cf:
>smtpd_recipient_restrictions =
>...
>reject_unauth_destination
>check_sender_access hash:/etc/postfix/sender_access
>reject_unknown_sender_domain
> /etc/postfix/sender_access:
>rotary.org OK
So check_sender
Deeztek Support:
> On another topic, I had an issue the other day where an outside
> sender was trying to send e-mail to an internal recipient and their
> e-mail was getting delayed due to a DNS issue on their end. The
> exact error was:
>
> (Host or domain name not found. Name service error for na
postfix-us...@postfix.org] on
behalf of Stan Hoeppner [s...@hardwarefreak.com]
Sent: Wednesday, May 22, 2013 4:33 PM
To: postfix-users@postfix.org
Subject: Re: postscreen questions
On 5/22/2013 10:02 AM, Noel Jones wrote:
...
> Secondly, remember postscreen is intended as a quick-and-simple
> zombie
On 5/22/2013 10:02 AM, Noel Jones wrote:
...
> Secondly, remember postscreen is intended as a quick-and-simple
> zombie killer, its only purpose is to reduce the workload on the
> more complex filters further downstream.
This fact is not emphasized often enough.
Many people forget the intended pu
On 22 May 2013, at 11:02, Noel Jones wrote:
so, the RBLs are getting utilized by postscreen before it even hits
the smtp service. So, am I right to assume that the
reject_rbl_client lines in my smtpd_recipient_restrictions are no
longer needed?
No, not needed. But some folks like to leave t
On 5/22/2013 8:41 AM, Deeztek Support wrote:
> I'm trying out postscreen and I have a couple of questions. First
> off, here's my postscreen setup:
>
> postscreen_access_list = permit_mynetworks
> postscreen_blacklist_action = enforce
> postscreen_dnsbl_action = enforce
> postscreen_greet_action =
I'm trying out postscreen and I have a couple of questions. First off, here's
my postscreen setup:
postscreen_access_list = permit_mynetworks
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3
Alex:
> Hi,
>
> >> - Is PREGREET always a sign of a zombie connection or misconfigured
> >> client, or is it possible for properly configured clients to also
> >> speak before their turn?
> >
> > It's safe. The only drawback is the pain of delaying mail.
>
> So you would recommend blacklist, gree
Hi,
>> - Is PREGREET always a sign of a zombie connection or misconfigured
>> client, or is it possible for properly configured clients to also
>> speak before their turn?
>
> It's safe. The only drawback is the pain of delaying mail.
So you would recommend blacklist, greet, and dnsbl be safely s
On Saturday 19 November 2011 23:30:21 Alex wrote:
> I have two postfix-v2.8.5 hosts for one domain and have configured
> postscreen on both of them using 'ignore' for all options while I
> experiment. I have a few questions that I hoped someone could help
> me to answer:
>
> - Do I still need the
Hi,
I have two postfix-v2.8.5 hosts for one domain and have configured
postscreen on both of them using 'ignore' for all options while I
experiment. I have a few questions that I hoped someone could help me
to answer:
- Do I still need the reject_rbl_client commands in
smtpd_recipient_restriction
Zitat von Robert Schetterer :
Am 28.05.2010 14:13, schrieb lst_ho...@kwsoft.de:
Zitat von LuKreme :
On 27-May-2010, at 07:34, Andy Dills wrote:
I've been investigating postscreen, as we've been address probed/bombed
for years, as we have a few domains that are very old (well, early 90s)
tha
Wietse Venema wrote:
Roderick A. Anderson:
Also, would postscreen_cache_map work with a mysql backend?
postscreen needs very low latency (I put in explicit tests for
this). Also, postscreen requires read, write, iterate support
which is implemented only for file-based databases.
If table acce
Am 28.05.2010 14:13, schrieb lst_ho...@kwsoft.de:
> Zitat von LuKreme :
>
>> On 27-May-2010, at 07:34, Andy Dills wrote:
>>>
>>> I've been investigating postscreen, as we've been address probed/bombed
>>> for years, as we have a few domains that are very old (well, early 90s)
>>> that had a lot of
Roderick A. Anderson:
> >>> Also, would postscreen_cache_map work with a mysql backend?
> >> postscreen needs very low latency (I put in explicit tests for
> >> this). Also, postscreen requires read, write, iterate support
> >> which is implemented only for file-based databases.
> >>
> >> If table
Andy Dills wrote:
On Thu, 27 May 2010, Wietse Venema wrote:
Andy Dills:
I've been investigating postscreen, as we've been address probed/bombed
for years, as we have a few domains that are very old (well, early 90s)
that had a lot of users back in the dialup days. Our approach was to just
th
Zitat von LuKreme :
On 27-May-2010, at 07:34, Andy Dills wrote:
I've been investigating postscreen, as we've been address probed/bombed
for years, as we have a few domains that are very old (well, early 90s)
that had a lot of users back in the dialup days. Our approach was to just
throw hardwa
On Thu, 27 May 2010, Wietse Venema wrote:
> Andy Dills:
> >
> > I've been investigating postscreen, as we've been address probed/bombed
> > for years, as we have a few domains that are very old (well, early 90s)
> > that had a lot of users back in the dialup days. Our approach was to just
> >
On 27-May-2010, at 07:34, Andy Dills wrote:
>
> I've been investigating postscreen, as we've been address probed/bombed
> for years, as we have a few domains that are very old (well, early 90s)
> that had a lot of users back in the dialup days. Our approach was to just
> throw hardware at the p
Andy Dills wrote:
I've been investigating postscreen, as we've been address probed/bombed
for years, as we have a few domains that are very old (well, early 90s)
that had a lot of users back in the dialup days. Our approach was to just
throw hardware at the problem, and we've had a whole cluste
Andy Dills:
>
> I've been investigating postscreen, as we've been address probed/bombed
> for years, as we have a few domains that are very old (well, early 90s)
> that had a lot of users back in the dialup days. Our approach was to just
> throw hardware at the problem, and we've had a whole cl
Am 27.05.2010 15:34, schrieb Andy Dills:
>
> I've been investigating postscreen, as we've been address probed/bombed
> for years, as we have a few domains that are very old (well, early 90s)
> that had a lot of users back in the dialup days. Our approach was to just
> throw hardware at the prob
I've been investigating postscreen, as we've been address probed/bombed
for years, as we have a few domains that are very old (well, early 90s)
that had a lot of users back in the dialup days. Our approach was to just
throw hardware at the problem, and we've had a whole cluster of servers
just
39 matches
Mail list logo
