-----Mensaje original----- De: owner-postfix-us...@postfix.org En nombre de Wietse Venema Enviado el: jueves, 2 de marzo de 2023 15:50 Para: Postfix users <postfix-users@postfix.org> CC: 'Postfix users' <postfix-users@postfix.org>; u...@porcupine.org Asunto: Re: Helo reject working?
Alberto: > Except, as in this case, when the would-be sender tries an unsupported > command, e.g. AUTH. It's really not feasible to postpone rejection in > those cases. > > > +1 > I've changed "smtp_delay_reject" directive to "no", because there are > too many connections with this approach. > All of them are attacks, and I don't want lose time or resources > waiting to give an error in the following phase. > > I want to reject with this error. Some legitmate senders are mis-configured, so it would be good to always know the sender and recipient of blocked mail. If you want to block clients without wasting Postfix SMTP server resources, consider turning on postscreen. With this, many spambots don't even get to talk to a Postfix SMTP sertver process. https://www.postfix.org/POSTSCREEN_README.html This will log sender and recipient information. Postscreen relies on DNS reputation services. You would need to configure your resolv.conf to use your own resolver, not a public one. Wietse Thank you Wietse, I already have Postscreen, and blocks many attacks, however, there are still a large amount that pass, and are managed by Postfix, having as common approach, an incorrect hostname in the "helo". Many senders are mis-configured, it's true, perhaps I'll set to "yes" again, some time. Best Regards,
