Re: RBLS and Hangup
LuKreme wrote:
After reading (and implementing)
http://www.postfix.org/STRESS_README.html#hangup I was wondering if
there is any reason not to extend this behavior to 127.0.0.4-8 (the XBL)?
Also, why would I want:
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
Is there a reason I would only want to hangup on the RBL listed
connections when the server is stressed instead of all the time?
The STRESS_README was written before postfix supported 521 as
a hangup action, so yes, it's reasonable to disconnect after
any RBL hit during stress.
I am somewhat hesitant to recommend using 521 as your
standard RBL reject code since the RFCs don't specifically
mention 521/disconnect as a valid code (421/disconnect is
mentioned as a special case). On the other hand, clients
MUST interpret any 5xx code as a permanent reject. This
hasn't been widely tested and there's just enough wiggle room
here that it's possible some clients will behave badly. But
it's probably fine.
-- Noel Jones
Re: RBLS and Hangup
LuKreme wrote:
On 18-Aug-2009, at 10:42, Noel Jones wrote:
The STRESS_README was written before postfix supported 521 as a hangup
action, so yes, it's reasonable to disconnect after any RBL hit during
stress.
I am somewhat hesitant to recommend using 521 as your standard RBL
reject code since the RFCs don't specifically mention 521/disconnect
as a valid code (421/disconnect is mentioned as a special case). On
the other hand, clients MUST interpret any 5xx code as a permanent
reject. This hasn't been widely tested and there's just enough wiggle
room here that it's possible some clients will behave badly. But it's
probably fine.
Thanks for the info. I think I'm going to go ahead with it since only
about 5% of my mail hits the RBL anyway.
in rbl_relay_maps does each possible IP have to have a separate block is
there a way to 'wild card' them all into one declaration? and are the
line feeds shown in the example significant?
something like:
zen.spamhaus.org=127.0.0.* 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
(obviously that's not going to be the syntax, but is there a way to
combine 4-11 of even 2-11 into one declaration?)
maps_rbl_reject_code = 521
http://www.postfix.org/postconf.5.html#maps_rbl_reject_code
-- Noel Jones
Re: RBLS and Hangup
Quoting LuKreme krem...@kreme.com:
On 18-Aug-2009, at 10:42, Noel Jones wrote:
The STRESS_README was written before postfix supported 521 as a
hangup action, so yes, it's reasonable to disconnect after any RBL
hit during stress.
I am somewhat hesitant to recommend using 521 as your standard
RBL reject code since the RFCs don't specifically mention
521/disconnect as a valid code (421/disconnect is mentioned as a
special case). On the other hand, clients MUST interpret any 5xx
code as a permanent reject. This hasn't been widely tested and
there's just enough wiggle room here that it's possible some
clients will behave badly. But it's probably fine.
Thanks for the info. I think I'm going to go ahead with it since
only about 5% of my mail hits the RBL anyway.
in rbl_relay_maps does each possible IP have to have a separate
block is there a way to 'wild card' them all into one declaration?
and are the line feeds shown in the example significant?
something like:
zen.spamhaus.org=127.0.0.* 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
Using a pcre map type and the example on the page:
/zen\.spamhaus\.org=127\.0\.0\.1(?:0|1)/ 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
(obviously that's not going to be the syntax, but is there a way to
combine 4-11 of even 2-11 into one declaration?)
--
showing snuffy is when Sesame Street jumped the shark
