Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
I just installed a Postfix server and enabled DNSBL-based rejection with smtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/conf/bozos, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipie

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 06:09 PM, Dennis Guhl wrote: > The caching is done in your local resolver, not in postfix. Ok, I can check that and make sure that those results are being returned from my LAN DNS server's cache. Is there any way to prevent Postfix from making those repeated DNS checks, r

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 05:23 PM, Jim Reid wrote: > The info will already be cached at your local DNS server. So you've snip. Nicely explained. > My advice is to leave this alone. It's already working at maximum > efficiency pretty much straight out of the box and there are no > meaningf

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 05:32 PM, Jim Reid wrote: > This is beginning to smell very > much like something the DNS already provides for free. If that auto-expiry hash table functionality is not already built into Postfix (which would be kind of nice to have for other things too; may look into i

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
Please respond to the list as well, thanks. On Fri, Apr 27, 2012, at 05:38 PM, Jim Reid wrote: > Er, think about this. How will postscreen do those RBL checks? Clearly, as I said I'm still reading, I'm not sure. > It will do DNS lookups! Right. The 1st time. And if it *was* capable of storin

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 06:43 PM, Bastian Blank wrote: > On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote: > > smtpd_recipient_restrictions = > > check_recipient_access hash:/usr/local/etc/postfix/conf/bozos > > Remove or at least move _after_ reject_unauth_destination.

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 01:47 PM, Wietse Venema wrote: > > I'd still think that a local check by Postfix to an 'auto-expiring hash > > table' (unclear so far if that can be done) to which the 'bad' address > > Each Postfix SMTP server caches its own DNSBL lookup results. Those > results are not

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 08:16 PM, Ansgar Wiechers wrote: > >>> reject_non_fqdn_recipient > For my personal mail server I use this rule, too. However, you need to > be aware that it might reject some legit mail (e.g. from mail servers > configured by stupid, but valid, customers), hence the

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 02:20 PM, Wietse Venema wrote: > kar...@mailcan.com: > Each Postfix SMTP server process is reused. > > http://www.postfix.org/postconf.5.html#max_use > http://www.postfix.org/postconf.5.html#max_idle That answers my question. Both of the defaults seem to fit nicely eno

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote: > Just as an interesting point from a fairly large site (fastmail.fm) we > do something very like that. We run a standalone daemon, and we keep > a "bad list" of IPs who get dumped immediately without even a DNS lookup. > > One of our patc

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 02:04 PM, /dev/rob0 wrote: > But consider this: the TTL of a DNSBL listing is a feature. Sometimes > legitimate sites will be listed, for example, in the CBL. Once they > clean up the problem, do you still want to block them? That's not within the scope of my use case.

Re: Can I improve the efficiency of my dnsbl reject configuration?

2012-04-27 Thread karf96
On Fri, Apr 27, 2012, at 03:12 PM, Wietse Venema wrote: > For small sites, postscreen has an up-front blacklist that kicks > off clients before wasting resources on them. Although I was warned off postscreen in an earlier post being 'heavier' than the checks against locally cached DNS, your comm

Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96
I've been writing scripts for my log analysis chores. A typical log entry for a mail transaction looks like, Apr 28 07:01:28 liam postfix/smtpd[17751]: connect from out.somewhere.com[99.99.99.99] Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1: client=out.som

Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96
On Sat, Apr 28, 2012, at 11:35 AM, John Peach wrote: > > Since it's Postfix doing the writing to the logs in the 1st place, is it > > possible to config Postfix to (free)format those > > It's not postfix - it's syslog. If you look in Postfix's source code ./src/util/msg_syslog.c

Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96
On Sat, Apr 28, 2012, at 12:19 PM, Noel Jones wrote: > While it would be possible to patch postfix to write logs > differently, the better choice is to investigate some of the > existing log parsers, such as pflogsumm or postfix-logwatch, and > possibly customize them. I'll take a look at both o

Exploring conditional local log and external firewall control. Best practices?

2012-05-02 Thread karf96
My recently installed Postfix works as I'd hoped; I moved it into full production as our corporate server yesterday. There's one annoyance, and I admit that's all it is, that I'd like to get rid of. *Noisy* pests. They irritate me. I'm interested in what others do in similar circumstances. My