Hi,

just for my clarification, the FAQ says:

  When an SMTP client makes too many connections at the same time, or when all postscreen(8) ports are busy, postscreen(8) rejects the connection with a 421 status code and logs:

    NOQUEUE: reject: CONNECT from [address]:port: too many connections
    NOQUEUE: reject: CONNECT from [address]:port: all server ports busy

  The postscreen_client_connection_count_limit and postscreen_pre_queue_limit parameters control these limits.

Status:

I wanna slow down postscreen, as I grep the log to build dynamic firewall rules, but because of the high number of bots this doesn't work fast enough (for the moment I think all speed-up that was possible was done on this side). I only use zen.spamhaus.org catches via an rsyslog filtered log, iptables recent is also used, and blocking whole countries didn't help more.

421 would be OK to me, as it does not relate to "dunno" networks.

So the question: if I reduce postscreen_client_connection_count_limit and postscreen_pre_queue_limit, will it affect network/24 dunno too, and will it help slow down other cons?

Yet I have:

postscreen_dnsbl_sites = zen.spamhaus.org, list.dnswl.org*-5
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_action = enforce
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_greet_action = enforce
postscreen_hangup_action = drop
smtp_tls_block_early_mail_reply = yes
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes

smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

/etc/postfix/postscreen_access.cidr:

network/24 dunno

-- 
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
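
The two reject lines quoted from the FAQ can be tallied per client before they feed dynamic firewall rules; this is an added example, not part of the original post. The syslog prefix, sample addresses, threshold and function names are assumptions, and the skipped network stands in for the network/24 entry in postscreen_access.cidr.

```python
import ipaddress
import re
from collections import Counter

# The two postscreen(8) 421 reject lines quoted from the FAQ above.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: CONNECT from \[(?P<addr>[^\]]+)\]:\d+: "
    r"(?P<reason>too many connections|all server ports busy)")
PER_CLIENT = "too many connections"  # the per-client connection count limit

# Constructed sample log (documentation addresses, assumed syslog prefix).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [192.0.2.7]:41234: too many connections
Jan 10 10:00:01 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [192.0.2.7]:41235: too many connections
Jan 10 10:00:02 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [192.0.2.7]:41236: too many connections
Jan 10 10:00:02 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [198.51.100.20]:50100: all server ports busy
Jan 10 10:00:03 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [198.51.100.20]:50101: too many connections
Jan 10 10:00:03 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [203.0.113.5]:60200: too many connections
Jan 10 10:00:04 mx postfix/postscreen[2101]: NOQUEUE: reject: CONNECT from [203.0.113.5]:60201: too many connections
"""

def tally_rejects(lines, skip_networks=()):
    """Count rejects per (client, reason), ignoring clients in skip_networks."""
    skip = [ipaddress.ip_network(n) for n in skip_networks]
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not one of the two reject lines
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # unparsable address field: never pass it to a firewall
        if any(addr in net for net in skip):
            continue  # listed network, leave it out of the tally
        counts[(str(addr), m.group("reason"))] += 1
    return counts

def block_candidates(counts, threshold):
    """Clients that hit the per-client limit at least `threshold` times."""
    # "all server ports busy" is ignored here: it reflects overall load, so the
    # client that happens to receive it is not necessarily the one causing it.
    return sorted(a for (a, r), n in counts.items()
                  if r == PER_CLIENT and n >= threshold)

if __name__ == "__main__":
    tally = tally_rejects(SAMPLE_LOG.splitlines(), ["203.0.113.0/24"])
    print(block_candidates(tally, threshold=2))
```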