Hi, just for my clarification

faq says:
When an SMTP client makes too many connections at the same time, or when
all postscreen(8) ports are busy, postscreen(8) rejects the connection
with a 421 status code and logs:

    NOQUEUE: reject: CONNECT from [address]:port: too many connections
    NOQUEUE: reject: CONNECT from [address]:port: all server ports busy

The postscreen_client_connection_count_limit and
postscreen_pre_queue_limit parameters control these limits

status: i wanna slow down postscreen, as i do
grep the log to build dynamic firewall rules
but with the high number of bots this doesn't work fast enough
( for the moment i think all speed up that was possible was done on this
side ), i only use zen.spamhaus.org catches via a rsyslog filtered log,
iptables recent is also used, blocking whole countries didn't help

more 421 would be ok to me, as it does not relate
to "dunno" networks

so question: if i reduce
postscreen_client_connection_count_limit and postscreen_pre_queue_limit
will it affect network/24 dunno too, and will it help slow down other cons


yet i have

postscreen_dnsbl_sites = zen.spamhaus.org, list.dnswl.org*-5
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_action = enforce
postscreen_access_list = permit_mynetworks,
    cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_greet_action = enforce
postscreen_hangup_action = drop
smtp_tls_block_early_mail_reply = yes
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes

smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

/etc/postfix/postscreen_access.cidr
network/24 dunno


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
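
The log-to-firewall step described in the post, as an added example that is not part of the original message: it collects postscreen clients that hit the DNSBL threshold or the per-client connection limit, skips the networks listed as dunno, and emits one batch for a single `ipset restore` call instead of one firewall call per address. The set names, the timeout and the sample log lines are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed sample log (documentation addresses only). The two CONNECT reject
# lines use the format quoted from the FAQ above.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/postscreen[911]: DNSBL rank 1 for [203.0.113.7]:40112
Jan 10 10:00:02 mx postfix/postscreen[911]: NOQUEUE: reject: CONNECT from [203.0.113.7]:40113: too many connections
Jan 10 10:00:02 mx postfix/postscreen[911]: NOQUEUE: reject: CONNECT from [198.51.100.9]:51000: all server ports busy
Jan 10 10:00:03 mx postfix/postscreen[911]: DNSBL rank 1 for [192.0.2.44]:33001
Jan 10 10:00:04 mx postfix/postscreen[911]: DNSBL rank 1 for [2001:db8::25]:60000
Jan 10 10:00:05 mx postfix/postscreen[911]: CONNECT from [198.51.100.9]:51002 to [192.0.2.1]:25
"""

HIT_RE = re.compile(
    r"postfix/postscreen\[\d+\]: (?:"
    r"DNSBL rank (?P<rank>-?\d+) for \[(?P<dnsbl>[^\]]+)\]"
    r"|NOQUEUE: reject: CONNECT from \[(?P<flood>[^\]]+)\]:\d+: too many connections)"
)


def offenders(log_text, exempt_cidrs, threshold=1):
    """Return clients that reached the DNSBL threshold or the per-client limit."""
    exempt = [ipaddress.ip_network(c) for c in exempt_cidrs]
    found = set()
    for line in log_text.splitlines():
        m = HIT_RE.search(line)
        if not m:
            # "all server ports busy" lands here on purpose: it reports the
            # server's state, so the client that saw it is not blocked for it.
            continue
        if m["dnsbl"] and int(m["rank"]) < threshold:
            continue
        ip = ipaddress.ip_address(m["dnsbl"] or m["flood"])
        if not any(ip in net for net in exempt):  # never block dunno networks
            found.add(ip)
    return sorted(found, key=lambda ip: (ip.version, int(ip)))


def ipset_restore_lines(ips, timeout=3600, set4="smtp_block4", set6="smtp_block6"):
    """One 'add' line per address; set names are hypothetical and the sets are
    assumed to exist already with timeout support (IPv4 and IPv6 kept apart)."""
    return [f"add {set4 if ip.version == 4 else set6} {ip} timeout {timeout}"
            for ip in ips]


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the "network/24 dunno" entry.
    print("\n".join(ipset_restore_lines(offenders(SAMPLE_LOG, ["192.0.2.0/24"]))))
```
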
