Postfix - Zombie Blocker persistent whitelist cache



  • Hi All

    This is my first post. I have been using pfSense for a while, but I am not a BSD guru, so I need some help. My guess is, you will "hear" more from me from now on. :)

    This specific request is about the wonderful Postfix Forwarder (and Mailscanner) package. Thanks Marcelloc for making this, it is amazing and I hope it will be made a part of pfSense down the road.

    The issue I have is with postscreen, or zombie blocker. Actually, it works great. From what I understand of it, it works this way. Correct me if I am wrong (or not accurate).
    1. The first message from a new domain is not accepted; postfix holds it until the server tries to resend it.
    2. When the sender domain re-sends it, postfix applies all checks and delivers the message.
    3. After this first time, this domain is marked as valid and subsequent emails from this domain are delivered with no delay.

    This is a bit annoying at first, as some domains have very slow resend timeouts, but it is fine. If it is a once-in-a-lifetime deal, no problem at all. The issue I found is that it seems this valid domain cache is reset every time the postfix service is restarted or the firewall is rebooted. This is a bit of an issue, as for production it delays mail too much if I have to restart something for any reason. For now, I had to disable it altogether and rely on mailscanner for antispam.

    Continuing my search, I found in the postfix documentation that the latest versions allow us to make this valid domain cache of postscreen persistent. Not sure if I am correct, this is the link I found: http://www.postfix.org/memcache_table.5.html

    I was wondering if there was any way to apply this memcache to be persistent on the pfSense postfix package. I really do not know if it is possible, if we have to wait for package maintainers to implement it, or if someone can guide me on how to do it by hand.

    Thanks
    ilVipero



  • ilvipero,

    Sorry for the delay in replying. The package doesn't cache the domain. It caches the IP address of the sending server.

    The postscreen cache (where previously seen IPs are stored) is held in /var/db/postfix/postscreen_cache.db

    A reboot should not affect that - I've even backed it up and restored it to a fresh install.

    You can see what IPs are in there with

    postmap -s btree:/var/db/postfix/postscreen_cache
    

    Are you running an embedded install of pfSense?
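
To check after a restart or reboot whether the cache kept its entries, the `postmap -s` dump from the reply above can be summarised per client IP. This is an added example, not part of the thread or the package; it assumes each value holds five semicolon-separated expiry timestamps in the order listed in `TESTS` (verify against your Postfix version), and the sample dump is constructed.

```python
import ipaddress
import sys
import time

# Assumed order of the five expiry timestamps in each cache value.
TESTS = ("pregreet", "dnsbl", "pipelining", "non_smtp_command", "bare_newline")


def parse_postscreen_cache(dump, now):
    """Parse `postmap -s` output (key<TAB>value per line) into per-IP records."""
    records = []
    for line in dump.splitlines():
        key, sep, value = line.strip().partition("\t")
        if not sep:
            continue  # not a key/value line
        try:
            ip = ipaddress.ip_address(key)
        except ValueError:
            continue  # housekeeping keys are not client addresses
        fields = value.split(";")
        if len(fields) != len(TESTS) or not all(f.isdigit() for f in fields):
            continue  # unexpected value layout, skip rather than guess
        stamps = dict(zip(TESTS, map(int, fields)))
        unexpired = [t for t, s in stamps.items() if s > now]
        records.append({"ip": str(ip), "stamps": stamps, "unexpired": unexpired})
    return records


def summarize(records):
    """Split clients into those with an unexpired result and those without."""
    live = [r["ip"] for r in records if r["unexpired"]]
    stale = [r["ip"] for r in records if not r["unexpired"]]
    return {"total": len(records), "live": live, "stale": stale}


# Constructed sample (documentation address ranges, made-up timestamps).
SAMPLE_NOW = 1700000000
SAMPLE_DUMP = "\n".join([
    "192.0.2.10\t1702592000;1700003600;0;0;0",
    "198.51.100.7\t1699000000;1699000000;0;0;0",
    "2001:db8::25\t1702592000;0;0;0;0",
    "_LAST_CACHE_CLEANUP_COMPLETED_\t1699990000",
    "garbage line",
])

if __name__ == "__main__":
    # Pipe real output in, or run on a terminal to see the sample.
    piped = not sys.stdin.isatty()
    dump = sys.stdin.read() if piped else SAMPLE_DUMP
    now = int(time.time()) if piped else SAMPLE_NOW
    print(summarize(parse_postscreen_cache(dump, now)))
```

Run it as `postmap -s btree:/var/db/postfix/postscreen_cache | python3 script.py` before and after a restart; a `total` that drops to zero means the cache file did not survive.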

