Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Postfix - Zombie Blocker persistent whitelist cache

    pfSense Packages
    2
    2
    914
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ilvipero
      last edited by

      Hi All

      This is my first post. I have been using pfsense for a while, but I am not a BSD Guru, so I need some help. My guess is, you will "hear" more from me from now on. :)

      This specific request is about the wonderful Postfix Forwarder (and Mailscanner) package. Thanks Marcelloc for making this, it is amazing and I hope it will be made a part of PFsense down the road.

      The issue I have is with postscreen, or zombie blocker. Actually, it works great. From what I understand of it, it works this way. Correct me if I am wrong (or not accurate).
      1. First message from a new domain is not accepted, postfix holds it until server tries to resend again
      2. when sender domain re-sends it, postfix applies all checks and delivers the message
      3. after this first time, this domain is maked as valid and subsequent emails from this domain are delivered with no delay.

      This is a bit annoying at first, as some domains have very slow resend timeouts, but it is fine. If once a lifetime deal, no problem at all. The issue I found, it seems that this valid domain cache is reset every time the postfix service is restarted, or the firewall rebooted. This is a bit of an issue as for production, it delays mail too much if I have to restart something for any reason. For now, I had to disable it altogether, and rely on mailscanner for antispam.

      Continuing my search, I found on postfix documentation, that latest versions allow us to make this valid domain cache of postscreen, to be persistent. Not sure if I am correct, this is the link I found: http://www.postfix.org/memcache_table.5.html

      I was wondering if there was any way to apply this memcache to be persistent on the PFSense postfix package. I really do not know if it is possible, if we have to wait for package maintainers to implement it, or if someone can guide me on how to do it by hand.

      Thanks
      ilVipero

      1 Reply Last reply Reply Quote 0
      • B
        biggsy
        last edited by

        ilvipero,

        Sorry for the delay in replying.  The package doesn't cache the domain.  It caches the IP address of the sending server.

        The postscreen cache (where previously seen IPs are stored)  is held in /var/db/postfix/postscreen_cache.db

        A reboot should not affect that - I've even backed it up and restored it to a fresh install.

        You can see what IPs are in there with

        postmap -s btree:/var/db/postfix/postscreen_cache

        Are you running an embedded install of pfSense?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.