Sad Clouds via Postfix-users:
> Hello, I've read the official documentation on Postfix postscreen
> several times, however I still have a few open questions:
>
> 1. Tests after the 220 SMTP server greeting
>
> Am I correct in thinking that the following tests should not be enabled:
>
> postscreen_pipelining_enable
> postscreen_non_smtp_command_enable
> postscreen_bare_newline_enable
>
> because:
> a) Spam bots can easily implement correct protocol behavior.
> b) The above tests force the SMTP clients to reconnect at a later
> time, which can cause issues with large email providers which
> reconnect from different IP addresses. There seems to be no good
> way to solve the issue apart from manually allowlisting those
> clients.
b. This is the same problem as greylisting (when greylisting is
used without aggregating data from clients with the same IP address
prefix).
> The question I keep asking myself - is it possible to block around 90%
> of spam with Postfix postscreen + various Postfix smtp restrictions,
> and without relying on DNSBLs or complicated external spam filters?
That is not my experience. With my little server, DNSBL blocks 2x
as many connections as PREGREET. This ratio is roughly consistent
over the past 10+ years. But it is a tiny server; your stats may
differ.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
