Re: [policyd-users] greylisting vs postfix smtpd_hard_error_limit
Cami Sardinha wrote: Geert Hendrickx wrote: Hi, has anyone experienced bad interaction between greylisting and (by default) low smtpd_hard_error_limit settings in postfix? Our smtpd_hard_error_limit has always been pretty high so I can't tell from my own experience. But with greylisting, clients get an error on each RCPT command initially, so I can imagine that (legitimate) bulk senders may get disconnected too easily and will only be able to insert (by default) 20 RCPT's into the greylisting table at a time, causing unintended extra long delays? Any experiences with that? http://www.postfix.org/postconf.5.html#smtpd_hard_error_limit Interesting. We have at our large installations a very low limit (of 6) and never had any complaints / issues. As Wietse has pointed out, you should be whitelisting the legitimate bulk senders.. Cami - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
Re: [policyd-users] greylisting vs postfix smtpd_hard_error_limit
On Thu, Aug 30, 2007 at 02:32:08PM +0200, Cami Sardinha wrote: As Wietse has pointed out, you should be whitelisting the legitimate bulk senders.. In an ISP environment, it is not obvious to know all your legitimate smtp clients... Geert - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
Re: [policyd-users] greylisting vs postfix smtpd_hard_error_limit
Geert Hendrickx wrote: On Thu, Aug 30, 2007 at 02:32:08PM +0200, Cami Sardinha wrote: As Wietse has pointed out, you should be whitelisting the legitimate bulk senders.. In an ISP environment, it is not obvious to know all your legitimate smtp clients.. Indeed. We had training mode running for about 2 months in order to identify the top senders / email addresses. After that point when people complained, they were whitelisted. There was a 2 - 3 weeks teething period after going live and then it quietened down. Cami - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
Re: [policyd-users] greylisting vs postfix smtpd_hard_error_limit
On Thu, Aug 30, 2007 at 03:27:08PM +0200, Cami Sardinha wrote: Indeed. We had training mode running for about 2 months in order to identify the top senders / email addresses. After that point when people complained, they were whitelisted. There was a 2 - 3 weeks teething period after going live and then it quietened down. Cami After how long do you expire unauthorized triplets, authorized triplets and auto-whitelisted hosts? We use 1/7/30 days. Geert - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
Re: [policyd-users] greylisting vs postfix smtpd_hard_error_limit
Geert Hendrickx wrote: On Thu, Aug 30, 2007 at 03:27:08PM +0200, Cami Sardinha wrote: Indeed. We had training mode running for about 2 months in order to identify the top senders / email addresses. After that point when people complained, they were whitelisted. There was a 2 - 3 weeks teething period after going live and then it quietened down. After how long do you expire unauthorized triplets, authorized triplets and auto-whitelisted hosts? We use 1/7/30 days. Unfortunately we found that 1 day was too short and there was some really broken MTA's out there.. 2/30/30 - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
