Re: Question on postscreen_pipelining

2019-12-13 Thread Viktor Dukhovni
On Fri, Dec 13, 2019 at 04:35:39PM +0100, ratatouille wrote: > Dec 13 14:18:43 atlas postfix/postscreen[12510]: CONNECT from > [71.6.146.186]:46796 to [185.84.80.145]:25 > Dec 13 14:18:43 atlas postfix/postscreen[12510]: PREGREET 137 after 0 from > [71.6.146.186]:46796: >

Re: configuration postscreen

2019-12-13 Thread Viktor Dukhovni
On Fri, Dec 13, 2019 at 05:40:33PM +0100, Matus UHLAR - fantomas wrote: > >I would avoid unduly short postscreen cache times, that can lead to > >legitimate clients not getting through at all. > > I'm not sure if that would help. Apparently, both postscreen and smtpd will > use the same

Re: SMTP REQUIRETLS (RFC 8689)

2019-12-13 Thread Viktor Dukhovni
On Fri, Dec 13, 2019 at 12:18:42AM +, Max Mazurov wrote: > There is a new SMTP extension called REQUIRETLS (RFC 8689[2]) that can help > this by providing clients with a way to require TLS use with authenticated MX > records for security-sensitive messages. I was involved in the IETF UTA

Re: configuration postscreen

2019-12-13 Thread Matus UHLAR - fantomas
On Fri, Dec 13, 2019 at 11:03:49AM +0100, Claus R. Wickinghoff wrote: Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD [45.146.203.135]:49121 Now it reconnects and with the cache entry it's calssified as "PASS OLD" and got redirected to smtpd... Dec 13 09:16:27 mole

Re: Question on postscreen_pipelining

2019-12-13 Thread Wietse Venema
ratatouille: > Hello! > > postscreen_pipelining_enable = no > > I see this in the log: > > Dec 13 14:18:43 atlas postfix/postscreen[12510]: CONNECT from > [71.6.146.186]:46796 to [185.84.80.145]:25 > Dec 13 14:18:43 atlas postfix/postscreen[12510]: PREGREET 137 after 0 from >

Re: SMTP REQUIRETLS (RFC 8689)

2019-12-13 Thread Wietse Venema
> Max Mazurov: > I would like to start a discussion on how this extension can be useful for > postfix users and whether there is a possibility of getting its support. This proposal appears to have multiple moving parts that involve - signaling intent in a header (TLS-Required), - a remote SMTP

Re: configuration postscreen

2019-12-13 Thread Viktor Dukhovni
On Fri, Dec 13, 2019 at 11:03:49AM +0100, Claus R. Wickinghoff wrote: > Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD [45.146.203.135]:49121 > > Now it reconnects and with the cache entry it's calssified as "PASS OLD" > and got redirected to smtpd... > > Dec 13 09:16:27 mole

Question on postscreen_pipelining

2019-12-13 Thread ratatouille
Hello! postscreen_pipelining_enable = no I see this in the log: Dec 13 14:18:43 atlas postfix/postscreen[12510]: CONNECT from [71.6.146.186]:46796 to [185.84.80.145]:25 Dec 13 14:18:43 atlas postfix/postscreen[12510]: PREGREET 137 after 0 from [71.6.146.186]:46796:

Re: configuration postscreen

2019-12-13 Thread Wietse Venema
Claus R. Wickinghoff: > Dec 13 09:06:27 mole postfix/postscreen[1729]: PASS NEW > [45.146.203.135]:60433 [client gets 450 from after-220 tests] > Dec 13 09:16:27 mole postfix/postscreen[1771]: PASS OLD > [45.146.203.135]:49121 ... > The problem is: The system starts delivering spam and in the