On 12/08/2010 01:52 AM, Stan Hoeppner wrote:
>> > this is what I added:
>> > smtpd_recipient_restrictions = permit_mynetworks
>> > permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
>> > dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender
>> > dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org,
>> > reject_unknown_sender_domain,reject_unknown_recipient_domain,
>> > reject_non_fqdn_sender,
>> > reject_non_fqdn_recipient,check_reverse_client_hostname_access
>> > pcre:/etc/postfix/fqrdns.pcre

> You should have
> 
> check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
> 
> as the _first_ entry after reject_unauth_destination.  Why perform all
> of those expensive DNS lookups if they aren't going to fire, and then
> search a 1600 line PCRE table which takes a tenth of a second?  Always
> implement the least costly parameters first, the most costly last.  The
> exception to this rule is correct order processing of whitelists.  They
> can be more expensive, but they have to go at the top of the order.

I didn't realize they were order specific..
it now reads:
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated, reject_unauth_destination check_client_access
pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org,
reject_unknown_sender_domain,reject_unknown_recipient_domain,
reject_non_fqdn_sender, reject_non_fqdn_recipient, check_client_access
cidr:/etc/postfix/china.cidr

and reload postfix..
is that better?


> 
> Keep in mind the parameter you're using only works in Postfix 2.6 or
> later.  If you're on 2.5 or earlier, you need to use
> 
> check_client_access pcre:/etc/postfix/fqrdns.pcre
> instead.

ah, yup, Debian Lenny, running
ii  postfix        2.5.5-1.1  High-performance mail transport agent
ii  postfix-mysql  2.5.5-1.1  MySQL map support for Postfix
ii  postfix-pcre   2.5.5-1.1  PCRE map support for Postfix


-- 
Paul Cartwright
Registered Linux user # 367800
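
Added example, not part of either poster's message: a small Python lint that applies the ordering advice and the Postfix 2.6 version note from this thread to a restriction list. The cost classes (DNS-based versus syntax-only or local-table checks) and all function names are this example's own assumptions.

```python
import re

# Restrictions that consume the next token as their argument.
TAKES_ARG = re.compile(r"^(check_\w+_access|reject_rbl_client|reject_rhsbl_\w+)$")
# Assumption of this example: these cost a DNS query per delivery attempt.
DNS_BASED = re.compile(r"^(reject_rbl_client|reject_rhsbl_\w+|reject_unknown_\w+_domain)$")
LOCAL_TABLES = ("pcre:", "regexp:", "cidr:", "hash:")  # searched without network I/O
MIN_VERSION = {"check_reverse_client_hostname_access": (2, 6)}  # stated in the thread

def parse(value):
    """Split a restriction list; Postfix accepts commas and/or whitespace."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    out, i = [], 0
    while i < len(tokens):
        name, arg = tokens[i], None
        if TAKES_ARG.match(name) and i + 1 < len(tokens):
            i += 1
            arg = tokens[i]
        out.append((name, arg))
        i += 1
    return out

def is_cheap(name, arg):
    if name.startswith("reject_non_fqdn_"):  # syntax-only check
        return True
    return arg is not None and name.startswith("check_") and arg.startswith(LOCAL_TABLES)

def lint(value, version):
    """Return findings for a restriction list on a given (major, minor) Postfix."""
    findings, first_dns = [], None
    for name, arg in parse(value):
        label = name if arg is None else f"{name} {arg}"
        if version < MIN_VERSION.get(name, (0, 0)):
            findings.append(f"needs Postfix 2.6+: {label}")
        if DNS_BASED.match(name):
            first_dns = first_dns or label
        elif first_dns and is_cheap(name, arg):
            findings.append(f"cheap check placed after {first_dns}: {label}")
    return findings

# The revised list from the message above, re-wrapped.
REVISED = """permit_mynetworks permit_sasl_authenticated, reject_unauth_destination
 check_client_access pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
 reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
 reject_rhsbl_helo dbl.spamhaus.org, reject_unknown_sender_domain,
 reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient,
 check_client_access cidr:/etc/postfix/china.cidr"""
if __name__ == "__main__":
    for finding in lint(REVISED, (2, 5)):
        print(finding)
```

Run against the revised list, it reports the two reject_non_fqdn_* checks and the china.cidr lookup as still sitting behind the DNS-based restrictions.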
