On 12/08/2010 01:52 AM, Stan Hoeppner wrote: >> > this is what I added: >> > smtpd_recipient_restrictions = permit_mynetworks >> > permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client >> > dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender >> > dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org, >> > reject_unknown_sender_domain,reject_unknown_recipient_domain, >> > reject_non_fqdn_sender, >> > reject_non_fqdn_recipient,check_reverse_client_hostname_access >> > pcre:/etc/postfix/fqrdns.pcre
> You should have > > check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre > > as the _first_ entry after reject_unauth_destination. Why perform all > of those expensive DNS lookups if they aren't going to fire, and then > search a 1600 line PCRE table which takes a tenth of a second? Always > implement the least costly parameters first, the most costly last. The > exception to this rule is correct order processing of whitelists. They > can be more expensive, but they have to go at the top of the order. I didn't realize they were order specific.. it now reads: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated, reject_unauth_destination check_client_access pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org, reject_unknown_sender_domain,reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_client_access cidr:/etc/postfix/china.cidr and reload postfix.. is that better? > > Keep in mind the parameter you're using only works in Postfix 2.6 or > later. If you're on 2.5 or earlier, you need to use > > check_client_access pcre:/etc/postfix/fqrdns.pcre > instead. ah, yup, Debian Lenny, running ii postfix 2.5.5-1.1 High-performance mail transport agent ii postfix-mysql 2.5.5-1.1 MySQL map support for Postfix ii postfix-pcre 2.5.5-1.1 PCRE map support for Postfix -- Paul Cartwright Registered Linux user # 367800