Alex:
> Hi,
>
> >> - Is PREGREET always a sign of a zombie connection or misconfigured
> >> client, or is it possible for properly configured clients to also
> >> speak before their turn?
> >
> > It's safe. The only drawback is the pain of delaying mail.
>
> So you would recommend blacklist, greet, and dnsbl be safely set to drop?
>
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_action = drop
> postscreen_greet_action = drop
> postscreen_blacklist_action = drop
I suggest using "enforce" instead of "drop", so that postscreen
will log the rejected sender, recipient, etc. That will make
trouble-shooting much easier.
If you're concerned about logfile sizes, compression will shrink
them dramatically.
Wietse
