| 1 |
On 24/10/14 15:37, Michael Orlitzky wrote: |
| 2 |
> On 10/22/2014 01:12 AM, Ajai Khattri wrote: |
| 3 |
>> Ive been running postgrey for years without any problems but today I |
| 4 |
>> noticed I hadn't gotten email for awhile and realized upon investigation |
| 5 |
>> that postgrey wasnt running so postfix was rejecting mail. |
| 6 |
> For what it's worth, recent versions of postfix ship with a |
| 7 |
> pre-screening daemon called postscreen. It has a suite of tests that |
| 8 |
> work after the initial greeting, and thus have the "negative" side |
| 9 |
> effect that the client must be disconnected (temporarily) if it passes: |
| 10 |
> |
| 11 |
> http://www.postfix.org/POSTSCREEN_README.html#after_220 |
| 12 |
> |
| 13 |
> The main limitation of "after 220 greeting" tests is that a new |
| 14 |
> client must disconnect after passing these tests (reason: postscreen |
| 15 |
> is not a proxy). Then the client must reconnect from the same IP |
| 16 |
> address before it can deliver mail. |
| 17 |
> |
| 18 |
> In other words, it greylists them. So if you're already running a |
| 19 |
> separate greylisting daemon, it's safe for you to enable postscreen and |
| 20 |
> turn on the "deep protocol tests" (see the README). That way you get |
| 21 |
> postscreen's benefit for free and don't need to worry about running a |
| 22 |
> separate greylisting daemon any more. |
| 23 |
> |
| 24 |
> |
| 25 |
very good, after looking up postscreen i went through a phase of wow, |
| 26 |
how did i miss this, and then even went so far to check when all this |
| 27 |
came about (2011 it seems) |
| 28 |
definitely a good one to know about, for the greylisting and for the |
| 29 |
other tests too. |
| 30 |
one to investigate more, thanks for the tip ! |
Archives