Re: Optimising new system and postscreen questions

On 01/05/17 13:17, Simon Wilson wrote: > > 3. Any other ways to speed it up, or should I accept the trade-off > between speed and accuracy of result? > If you can create a postscreen white-list of your "regular" remote hosts, they will be almost instantly passed on to the mail server. Hope

Re: Optimising new system and postscreen questions

> On May 1, 2017, at 10:28 AM, Simon Wilson wrote: > > Can anyone comment on the value / no value of having zen.spamhaus as an RBL > in smtpd in addition to it being used by postscreen? Keep both. If you have SpamAssassin doing RBL lookups, raise the concurrency limit

Re: Optimising new system and postscreen questions

Viktor Dukhovni: > On May 1, 2017, at 8:17 AM, Simon Wilson wrote: > > ostscreen is using (threshold 3): > >zen.spamhaus.org*3 >bl.mailspike.net*2 >b.barracudacentral.org*2 >bl.spameatingmonkey.net >bl.spamcop.net >

Re: Optimising new system and postscreen questions

Viktor Dukhovni: > > > On May 1, 2017, at 8:17 AM, Simon Wilson wrote: > > > > ostscreen is using (threshold 3): > > > >zen.spamhaus.org*3 > >bl.mailspike.net*2 > >b.barracudacentral.org*2 > >bl.spameatingmonkey.net > >

Re: Optimising new system and postscreen questions

> On May 1, 2017, at 8:17 AM, Simon Wilson wrote: > > ostscreen is using (threshold 3): > >zen.spamhaus.org*3 >bl.mailspike.net*2 >b.barracudacentral.org*2 >bl.spameatingmonkey.net >bl.spamcop.net >dnsbl.sorbs.net >

Re: Optimising new system and postscreen questions

Simon Wilson: On my new Postfix 2.10 system incoming mail is slow to process (about 15 seconds end to end), and I think it is mainly because DNS queries are slowing things down. The server runs local caching DNS BIND, so it's as quick as I can get it on the slow Internet connection we are on.

Re: Optimising new system and postscreen questions

Simon Wilson: > On my new Postfix 2.10 system incoming mail is slow to process (about > 15 seconds end to end), and I think it is mainly because DNS queries > are slowing things down. > > The server runs local caching DNS BIND, so it's as quick as I can get > it on the slow Internet

RE: Optimising new system and postscreen questions

> -Oorspronkelijk bericht- > Van: si...@simonandkate.net > [mailto:owner-postfix-us...@postfix.org] Namens Simon Wilson > Verzonden: maandag 1 mei 2017 11:20 > Aan: Marco Pizzoli > CC: Postfix users > Onderwerp: Re: Optimising new system and postscreen questions > &g

Re: Optimising new system and postscreen questions

- Message from Marco Pizzoli <marco.pizz...@gmail.com> - Date: Mon, 1 May 2017 11:18:30 +0200 From: Marco Pizzoli <marco.pizz...@gmail.com> Subject: Re: Optimising new system and postscreen questions To: si...@simonandkate.net Cc: Postfix users &l

Re: Optimising new system and postscreen questions

Hello Simon, The server runs local caching DNS BIND, so it's as quick as I can get it on > the slow Internet connection we are on. > I don't qualify mysef expert enough to answer the rest of your points, but for the DNS part I suggest you think about replacing BIND with Unbound, as the DNS

Re: Optimising new system and postscreen questions

- Message from Simon Wilson <si...@simonandkate.net> - Date: Mon, 01 May 2017 18:43:41 +1000 From: Simon Wilson <si...@simonandkate.net> Reply-To: si...@simonandkate.net Subject: Optimising new system and postscreen questions To: Postfix users <postfix-us

Optimising new system and postscreen questions

On my new Postfix 2.10 system incoming mail is slow to process (about 15 seconds end to end), and I think it is mainly because DNS queries are slowing things down. The server runs local caching DNS BIND, so it's as quick as I can get it on the slow Internet connection we are on. At the

Re: postscreen questions

On 5/23/2013 10:23 AM, Wietse Venema wrote: Deeztek Support: On another topic, I had an issue the other day where an outside sender was trying to send e-mail to an internal recipient and their e-mail was getting delayed due to a DNS issue on their end. The exact error was: (Host or domain

Re: postscreen questions

On 23 May 2013, at 10:49, Deeztek Support wrote: On another topic, I had an issue the other day where an outside sender was trying to send e-mail to an internal recipient and their e-mail was getting delayed due to a DNS issue on their end. The exact error was: (Host or domain name not

RE: postscreen questions

...@postfix.org] on behalf of Stan Hoeppner [s...@hardwarefreak.com] Sent: Wednesday, May 22, 2013 4:33 PM To: postfix-users@postfix.org Subject: Re: postscreen questions On 5/22/2013 10:02 AM, Noel Jones wrote: ... Secondly, remember postscreen is intended as a quick-and-simple zombie killer, its only

Re: postscreen questions

Deeztek Support: On another topic, I had an issue the other day where an outside sender was trying to send e-mail to an internal recipient and their e-mail was getting delayed due to a DNS issue on their end. The exact error was: (Host or domain name not found. Name service error for

RE: postscreen questions

Manual whitelisting. /etc/postfix/main.cf: smtpd_recipient_restrictions = ... reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain /etc/postfix/sender_access: rotary.org OK So check_sender_access

Re: postscreen questions

Deeztek Support: Manual whitelisting. /etc/postfix/main.cf: smtpd_recipient_restrictions = ... reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain /etc/postfix/sender_access: rotary.org

Re: postscreen questions

On 22 May 2013, at 14:33 , Stan Hoeppner s...@hardwarefreak.com wrote: I'll make an educated guess that many folks here have configured postscreen simply because it was/is the new thing, without considering whether they -needed- it or not. Many have run into the same address based

postscreen questions

I'm trying out postscreen and I have a couple of questions. First off, here's my postscreen setup: postscreen_access_list = permit_mynetworks postscreen_blacklist_action = enforce postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org*3

Re: postscreen questions

On 5/22/2013 8:41 AM, Deeztek Support wrote: I'm trying out postscreen and I have a couple of questions. First off, here's my postscreen setup: postscreen_access_list = permit_mynetworks postscreen_blacklist_action = enforce postscreen_dnsbl_action = enforce postscreen_greet_action =

Re: postscreen questions

On 22 May 2013, at 11:02, Noel Jones wrote: so, the RBLs are getting utilized by postscreen before it even hits the smtp service. So, am I right to assume that the reject_rbl_client lines in my smtpd_recipient_restrictions are no longer needed? No, not needed. But some folks like to leave

Re: postscreen questions

On 5/22/2013 10:02 AM, Noel Jones wrote: ... Secondly, remember postscreen is intended as a quick-and-simple zombie killer, its only purpose is to reduce the workload on the more complex filters further downstream. This fact is not emphasized often enough. Many people forget the intended

Re: Postscreen questions

Hi, - Is PREGREET always a sign of a zombie connection or misconfigured client, or is it possible for properly configured clients to also speak before their turn? It's safe. The only drawback is the pain of delaying mail. So you would recommend blacklist, greet, and dnsbl be safely set to

Re: Postscreen questions

Alex: Hi, - Is PREGREET always a sign of a zombie connection or misconfigured client, or is it possible for properly configured clients to also speak before their turn? It's safe. The only drawback is the pain of delaying mail. So you would recommend blacklist, greet, and dnsbl be

Postscreen questions

Hi, I have two postfix-v2.8.5 hosts for one domain and have configured postscreen on both of them using 'ignore' for all options while I experiment. I have a few questions that I hoped someone could help me to answer: - Do I still need the reject_rbl_client commands in

Re: Postscreen questions

On Saturday 19 November 2011 23:30:21 Alex wrote: I have two postfix-v2.8.5 hosts for one domain and have configured postscreen on both of them using 'ignore' for all options while I experiment. I have a few questions that I hoped someone could help me to answer: - Do I still need the

Re: postscreen questions

On Thu, 27 May 2010, Wietse Venema wrote: Andy Dills: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw

Re: postscreen questions

Zitat von LuKreme krem...@kreme.com: On 27-May-2010, at 07:34, Andy Dills wrote: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to

Re: postscreen questions

Andy Dills wrote: On Thu, 27 May 2010, Wietse Venema wrote: Andy Dills: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just

Re: postscreen questions

Roderick A. Anderson: Also, would postscreen_cache_map work with a mysql backend? postscreen needs very low latency (I put in explicit tests for this). Also, postscreen requires read, write, iterate support which is implemented only for file-based databases. If table access requires

Re: postscreen questions

Am 28.05.2010 14:13, schrieb lst_ho...@kwsoft.de: Zitat von LuKreme krem...@kreme.com: On 27-May-2010, at 07:34, Andy Dills wrote: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot

Re: postscreen questions

Wietse Venema wrote: Roderick A. Anderson: Also, would postscreen_cache_map work with a mysql backend? postscreen needs very low latency (I put in explicit tests for this). Also, postscreen requires read, write, iterate support which is implemented only for file-based databases. If table

Re: postscreen questions

Zitat von Robert Schetterer rob...@schetterer.org: Am 28.05.2010 14:13, schrieb lst_ho...@kwsoft.de: Zitat von LuKreme krem...@kreme.com: On 27-May-2010, at 07:34, Andy Dills wrote: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains

postscreen questions

I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw hardware at the problem, and we've had a whole cluster of servers

Re: postscreen questions

Am 27.05.2010 15:34, schrieb Andy Dills: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw hardware at the problem,

Re: postscreen questions

Andy Dills: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw hardware at the problem, and we've had a whole

Re: postscreen questions

Andy Dills wrote: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw hardware at the problem, and we've had a whole

Re: postscreen questions

On 27-May-2010, at 07:34, Andy Dills wrote: I've been investigating postscreen, as we've been address probed/bombed for years, as we have a few domains that are very old (well, early 90s) that had a lot of users back in the dialup days. Our approach was to just throw hardware at the