Postfix mailrelay
-
Hmm.. could it be the Postfix "zombie blocker" feature?
C
-
From my POV it is desired. If a remote mail server cannot resend after 69 seconds, then it is probably spam to begin with. Then again, I use postgrey on my mail servers for that feature and not my firewall. I have not had a problem with gmail going though. The longest I have had to wait on an email was 5 minutes.
-
Im currently using the postfix package to weed out the most of the spam and bogus relay attempts.
Great news, you could congratulate postscreen for that.
.
.
.
@Cybdex:Hmm.. could it be the Postfix "zombie blocker" feature?
I told you in all posts that it is a postscreen feature.
take a look on postfix documentation to see how it works.
http://www.postfix.org/POSTSCREEN_README.htmlAnd if you look in antispam tab of postfix package you can see a way to disable this feature.
Take postscreen some hours. Every time you stop and restart postscreen, the whitelist is cleaned.
-
Take postscreen some hours. Every time you stop and restart postscreen, the whitelist is cleaned.
That is not always a good thing. This should probably be persistent across service restarts and reboots with a manual or scheduled cleaning of the while list. Even better if you could clean out entries that are older than a certain age.
-
It's done by postscreen, not by me.
Before version 2.1 of this package, every apply postfix was killed and restarted.
I've changed it to just a reload if services are up.Take a look on postscreen readme
http://www.postfix.org/POSTSCREEN_README.html
-
If this is set:
postscreen_cache_map (btree:$data_direc-tory/postscreen_cache)
Persistent storage for the postscreen(8) server
decisions.Will it not persist the temporary white list across server and service restarts?
-
The location of this file in pfsense is /var/db/postfix/postscreen_cache.db
Postscreen readme says that it's a temporary white list, not persistent.
Temporary whitelist test The postscreen(8) daemon maintains a temporary whitelist for SMTP client IP addresses that have passed all the tests described below. The postscreen_cache_map parameter specifies the location of the temporary whitelist. The temporary whitelist is not used for SMTP client addresses that appear on the permanent access list.
-
Take postscreen some hours. Every time you stop and restart postscreen, the whitelist is cleaned.
That is not always a good thing. This should probably be persistent across service restarts and reboots with a manual or scheduled cleaning of the while list. Even better if you could clean out entries that are older than a certain age.
That is probably what stumbled me aswell, as during my testing of this "feature" the postfix service was restarted frequently (when changing options/blacklist and whatnot). If it would be a "approved list" saved for future referance, and possibly as you say a "age scrubbing" setting for this it would make things a lot smoother. (Or even a editable list)
However, disabling the "zombie blocker" seems to have fixed my gripe. It was not THAT clear for a "non guru" to sift through the documentation and realize that this feature was the culprit that caused "the default behaviour to reject every first connection".
If some day a feature that Podilarius describes here comes configurable and available, i would be happy to give it a new go :)
Thanks for your help guys :)
C
-
The postfix package helps email admins to configure it.
All options where included after many hours reading postfix documentation but you need to know about smtp to understand what they mean.
If you go to ACLS/Filter Maps, you can whitelist some networks/domains in Client Access List.
All features discussed in this forum topic are available in this package.
-
The location of this file in pfsense is /var/db/postfix/postscreen_cache.db
Postscreen readme says that it's a temporary white list, not persistent.
I pulled what I posted from the README. So, the temporary white like might be persistent if set and will be cleared if not set? Documentation seems to not be clear on that. It might be temporary as in the age thing will remove entries. I cannot test this ATM … but should be something the maintainers of postscreen could clear up.