1 |
On 10/22/2014 01:12 AM, Ajai Khattri wrote: |
2 |
> |
3 |
> Ive been running postgrey for years without any problems but today I |
4 |
> noticed I hadn't gotten email for awhile and realized upon investigation |
5 |
> that postgrey wasnt running so postfix was rejecting mail. |
6 |
|
7 |
For what it's worth, recent versions of postfix ship with a |
8 |
pre-screening daemon called postscreen. It has a suite of tests that |
9 |
work after the initial greeting, and thus have the "negative" side |
10 |
effect that the client must be disconnected (temporarily) if it passes: |
11 |
|
12 |
http://www.postfix.org/POSTSCREEN_README.html#after_220 |
13 |
|
14 |
The main limitation of "after 220 greeting" tests is that a new |
15 |
client must disconnect after passing these tests (reason: postscreen |
16 |
is not a proxy). Then the client must reconnect from the same IP |
17 |
address before it can deliver mail. |
18 |
|
19 |
In other words, it greylists them. So if you're already running a |
20 |
separate greylisting daemon, it's safe for you to enable postscreen and |
21 |
turn on the "deep protocol tests" (see the README). That way you get |
22 |
postscreen's benefit for free and don't need to worry about running a |
23 |
separate greylisting daemon any more. |