DL Neil:
> The daily pflogsumm report shows that (in recent days) 60~93% of
> attempts to connect are rejected, and bounce-off Postfix's settings, eg
>
> 450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found;
> proto=SMTP helo=<00nyBxbT> (total: 1)
> 1 115.213.249.159 (<>)
>
> The EHLO string changes with each attempt, but the IP address may be the
> same for dozens, hundreds, or thousands of these.
>
> The server moves along quite calmly, without stressing either RAM or CPU.
>
> Maybe: if it ain't broke, don't fix it?

I have lived without this check for a long time now. Bots are usually
blocked via other mechanisms, such as postscreen pregreet checks or
DNSBL checks.

> That said, is Postfix the best tool for this job, or should something
> else (maybe like Fail2Ban) act as Bouncer, by pre-processing such
> connections? Will welcome rationale(s)...

It's an optimization problem. Many Postfix features block a client
based on what happens within a single SMTP session. Stateful tools
such as Fail2Ban, postfwd, greylist are good for problems that involve
historical context.

	Wietse
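
The "historical context" mentioned in the reply above, as an added example that is not part of the original message and is not code from Postfix, Fail2Ban or postfwd: a sliding-window count of HELO rejects per client IP across many SMTP sessions, which is the kind of state a log-watching tool keeps. The log lines are constructed in the usual Postfix smtpd syslog layout (only 115.213.249.159 and the first HELO string come from the thread), and the function name, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). 192.0.2.x and 198.51.100.x are
# documentation address ranges; the log is assumed to be in time order.
SAMPLE_LOG = """\
Jan 10 03:00:00 mail postfix/smtpd[1190]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <pc-77>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<pc-77>
Jan 10 03:12:01 mail postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <00nyBxbT>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<00nyBxbT>
Jan 10 03:12:02 mail postfix/smtpd[1202]: connect from unknown[192.0.2.10]
Jan 10 03:12:40 mail postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <k3QpZr1L>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<k3QpZr1L>
Jan 10 03:13:15 mail postfix/smtpd[1204]: NOQUEUE: reject: RCPT from unknown[115.213.249.159]: 450 4.7.1 <Xw9aTm2c>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<Xw9aTm2c>
Jan 10 03:14:00 mail postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <laptop>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<laptop>
Jan 10 03:20:00 mail postfix/smtpd[1210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <pc-77>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<pc-77>
Jan 10 03:40:00 mail postfix/smtpd[1215]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <pc-77>: Helo command rejected: Host not found; from=<> to=<a@example.org> proto=SMTP helo=<pc-77>
"""

# Timestamp and client IP of an smtpd HELO reject; the HELO string is ignored
# on purpose, because it changes with every attempt while the IP does not.
REJECT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"\w+ from \S*\[([0-9a-fA-F.:]+)\]: \d{3} [\d.]+ <[^>]*>: Helo command rejected")

def repeat_offenders(lines, max_rejects=3, window=timedelta(minutes=10), year=2024):
    """Map each IP to the time it reached max_rejects rejects inside window."""
    recent = defaultdict(deque)   # per-IP reject times still inside the window
    flagged = {}
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:   # forget rejects older than the window
            q.popleft()
        if len(q) >= max_rejects and m.group(2) not in flagged:
            flagged[m.group(2)] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in repeat_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the threshold at {ts:%b %d %H:%M:%S}")
```

Each reject on its own is all a per-session check can see; only the per-IP history separates the client that retries with a new HELO string every few seconds from the ones that fail once or at long intervals.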