1 |
On 24/10/14 15:37, Michael Orlitzky wrote: |
2 |
> On 10/22/2014 01:12 AM, Ajai Khattri wrote: |
3 |
>> Ive been running postgrey for years without any problems but today I |
4 |
>> noticed I hadn't gotten email for awhile and realized upon investigation |
5 |
>> that postgrey wasnt running so postfix was rejecting mail. |
6 |
> For what it's worth, recent versions of postfix ship with a |
7 |
> pre-screening daemon called postscreen. It has a suite of tests that |
8 |
> work after the initial greeting, and thus have the "negative" side |
9 |
> effect that the client must be disconnected (temporarily) if it passes: |
10 |
> |
11 |
> http://www.postfix.org/POSTSCREEN_README.html#after_220 |
12 |
> |
13 |
> The main limitation of "after 220 greeting" tests is that a new |
14 |
> client must disconnect after passing these tests (reason: postscreen |
15 |
> is not a proxy). Then the client must reconnect from the same IP |
16 |
> address before it can deliver mail. |
17 |
> |
18 |
> In other words, it greylists them. So if you're already running a |
19 |
> separate greylisting daemon, it's safe for you to enable postscreen and |
20 |
> turn on the "deep protocol tests" (see the README). That way you get |
21 |
> postscreen's benefit for free and don't need to worry about running a |
22 |
> separate greylisting daemon any more. |
23 |
> |
24 |
> |
25 |
very good, after looking up postscreen i went through a phase of wow, |
26 |
how did i miss this, and then even went so far to check when all this |
27 |
came about (2011 it seems) |
28 |
definitely a good one to know about, for the greylisting and for the |
29 |
other tests too. |
30 |
one to investigate more, thanks for the tip ! |