Netgate Discussion Forum

    Brain-dead postfix postscreen function

      dreadnought

      I have been watching very closely the impact of postfix postscreen's soft bouncing of each unique IP address… and it's bad.  Some emails take 6 hours or more to arrive as we wait for the wheel of SMTP IP addresses (particularly for services like Google) to land on the same IP address twice.  This is after a week of IP addresses being cached by postfix forwarder.

      As far as I can tell, the only way to disable this feature is to disable postscreen entirely.  Is it possible to add a toggle for this soft bouncing of each unique IP address?  For those of you who get a lot of mail, and particularly mail you would consider time sensitive, this function is no good.

        doktornotor Banned

        +∞, the softbounce is a horrible idea.

          dreadnought

          @doktornotor:

          +∞, the softbounce is a horrible idea.

          Does anyone know if it's possible to kill postscreen's soft bouncing of each unique IP address without disabling postscreen entirely?  Now (ideally) or in the next pfSense update?  Another week has gone by and this function is still a major problem, particularly when it comes to Google Apps customers trying to email us.

          For those of you with postscreen enabled, do you just accept that your users may not get emails for 6 hours or more?

            dreadnought

            Bump… is anyone actually running postfix forwarder?  Are you having awkward conversations which include "Haven't you received my email yet?" on a regular basis?

            I like the idea of some postscreen functionality... but the soft bouncing has got to go, or at least be configurable.

              doktornotor Banned

              @dreadnought:

              Bump… is anyone actually running postfix forwarder?

              Suspect most people gave up on using this due to the brainfart described here. At least I've seen a couple of posts to this effect lately. Even have seen some quite fugly hacks around this, such as grabbing a whitelist of IPs from Google's SPF DNS records for Gmail.

                biggsy

                If anyone is running postfix and doesn't find this too fugly ;) I found this about how to whitelist Google servers:

                Comparing the list of subnets to one seen in another thread (now lost) it seems they haven't changed in over a year.  Not too surprising, since they are pretty big subnets.

                Paste the following into Services > Postfix Forwarder > Access Lists > Client Access Lists > CIDR:

                # Google IPv4 addresses
                64.18.0.0/20 permit
                64.233.160.0/19 permit
                66.102.0.0/20 permit
                66.249.80.0/20 permit
                72.14.192.0/18 permit
                74.125.0.0/16 permit
                173.194.0.0/16 permit
                207.126.144.0/20 permit
                209.85.128.0/17 permit
                216.239.32.0/19 permit
                # Google IPv6 addresses
                2001:4860:4000::/36 permit
                2404:6800:4000::/36 permit
                2607:f8b0:4000::/36 permit
                2800:3f0:4000::/36 permit
                2a00:1450:4000::/36 permit
                2c0f:fb50:4000::/36 permit
                

                Haven't been able to find anything similar for HotMail but no one I know uses it anyway  :)

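The SPF-derived whitelist mentioned in this thread can be regenerated from the sender's SPF records instead of being pasted once and left to go stale. The following is an added example, not code from the thread or from the pfSense package: it walks `include:` chains and emits `<network> permit` lines in the format shown above. The `example.test` record names, the sample records and the `lookup_txt` callback are assumptions made so it runs offline; in real use `lookup_txt` would be a DNS TXT query.

```python
import ipaddress
import re

# Constructed SPF TXT records (sample data, not live DNS answers). The record
# names are hypothetical; the networks are taken from the list posted above.
SAMPLE_TXT = {
    "_spf.example.test": ["v=spf1 include:_nb1.example.test include:_nb2.example.test ~all"],
    "_nb1.example.test": ["v=spf1 ip4:64.18.0.0/20 ip4:74.125.0.0/16 ip6:2607:f8b0:4000::/36 ~all"],
    "_nb2.example.test": ["v=spf1 ip4:209.85.128.0/17 ip4:74.125.0.0/16 include:_spf.example.test ~all"],
}

def sample_lookup(domain):
    """Stand-in for a DNS TXT lookup: returns the TXT strings for a name."""
    return SAMPLE_TXT.get(domain, [])

def spf_networks(domain, lookup_txt, seen=None, max_lookups=10):
    """Collect ip4:/ip6: networks from an SPF record, following include:."""
    seen = set() if seen is None else seen
    if domain in seen:
        return []                      # include loop or repeated target
    if len(seen) >= max_lookups:       # bound the recursion on hostile records
        raise ValueError("too many SPF lookups for " + domain)
    seen.add(domain)
    nets = []
    for txt in lookup_txt(domain):
        if not txt.lower().startswith("v=spf1"):
            continue                   # unrelated TXT record
        for term in txt.split()[1:]:
            # Only pass-qualified terms are whitelisted; -ip4:, ~ip4:, a, mx,
            # all and redirect= are deliberately ignored.
            m = re.fullmatch(r"\+?(ip4|ip6|include):(\S+)", term, re.I)
            if not m:
                continue
            kind, value = m.group(1).lower(), m.group(2)
            if kind == "include":
                nets += spf_networks(value, lookup_txt, seen, max_lookups)
            else:
                net = ipaddress.ip_network(value, strict=False)  # raises on garbage
                if (kind == "ip4") == (net.version == 4):
                    nets.append(net)
    return nets

def cidr_table(domain, lookup_txt):
    """Return de-duplicated 'network permit' lines, IPv4 first, then IPv6."""
    nets = sorted(set(spf_networks(domain, lookup_txt)), key=lambda n: (n.version, n))
    return [f"{n} permit" for n in nets]
```

Comparing each regenerated table with the previous one before loading it shows when a provider adds or retires ranges, which a one-time paste cannot.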