Charles Marcus:
> > We are set up for performance with VRFY probes and by modifying
> > your postfix config file so postfix will not nave a performance
> > issue by setting postfix option smtpd_soft_error_limit to be larger
> > than smtpd_hard_error_limit.
That is nonsense, as demonstrated below:
# postconf smtpd_hard_error_limit=1 smtpd_soft_error_limit=2
# postfix reload
# telnet 127.0.0.1 smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hades.porcupine.org ESMTP Postfix
hello foo
502 5.5.2 Error: command not recognized
421 4.7.0 hades.porcupine.org Error: too many errors
Connection closed by foreign host.
These people never tested this recommendation, just like they
never tested their software against Postfix or else they would
have been aware of the smtpd_junk_command_limit feature.
It should be safe to dumb down Postfix defenses, provided that
no-one else can connect to your SMTP server.
However given the poor quality assurance with respect to Postfix,
I would be suspicious about the quality assurance of their code.
Wietse
