On 4/27/2012 1:54 PM, Bron Gondwana wrote:
> Just as an interesting point from a fairly large site (fastmail.fm) we
> do something very like that. We run a standalone daemon, and we keep
> a "bad list" of IPs who get dumped immediately without even a DNS lookup.
>
> One of our patches to postfix allows that, dropping the connection while
> doing nothing more than a syslog of the IP address.

This is exactly what postscreen is for, no patching necessary.
http://www.postfix.org/postconf.5.html#postscreen_access_list

Postscreen also will temporarily blacklist RBL listed clients. Subsequent
connections get dropped with no DNS lookup for $postscreen_dnsbl_ttl,
default 1 hour.
http://www.postfix.org/POSTSCREEN_README.html

  -- Noel Jones
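
A main.cf sketch of the postscreen setup the reply above refers to, added here as an illustration and not part of the original message. The CIDR table path, its sample entries and the DNSBL hostname are placeholders; the parameter names are the ones used by Postfix releases of that period, and the fragment assumes postscreen is already enabled on the smtp port in master.cf.

```cfg
# /etc/postfix/main.cf  (added example, not from the original thread)

# 1. Static "bad list": consulted before any DNS lookup is made.
#    permit_mynetworks keeps local clients out of the tests entirely.
#    The cidr: file path below is a placeholder.
postscreen_access_list = permit_mynetworks,
    cidr:/etc/postfix/postscreen_access.cidr

# What to do with a client that the access list rejects.
#   ignore  = log only, enforce = finish tests then reply 550,
#   drop    = 521 reply and immediate disconnect.
# (Postfix 3.6 and later call this postscreen_denylist_action.)
postscreen_blacklist_action = drop

# 2. DNSBL scoring for clients not matched above.
#    dnsbl.example.org is a placeholder hostname; *1 is the weight.
postscreen_dnsbl_sites = dnsbl.example.org*1
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_action = drop

# 3. How long a DNSBL result is cached. Until it expires, repeat
#    connections from the same IP are decided from the cache with
#    no new DNS query. 1h is the documented default.
#    (Postfix 3.1 and later use postscreen_dnsbl_max_ttl instead.)
postscreen_dnsbl_ttl = 1h

# ---------------------------------------------------------------
# Contents of the CIDR table named above (constructed sample
# entries using documentation address ranges). First match wins;
# valid results are permit, reject and dunno.
#
#   198.51.100.25      permit
#   192.0.2.0/24       reject
#   203.0.113.0/24     reject
# ---------------------------------------------------------------
```

With `drop` as the action, postscreen logs the client address and closes the connection, which is the behaviour the quoted message describes getting from a patch.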