Re: Uninstalling postgrey
On Wed, May 27, 2020, 8:49 PM Ian Evans, wrote:
> On Wed, May 27, 2020, 11:44 AM @lbutlr, wrote:
>
>> On 24 May 2020, at 19:04, Ian Evans wrote:
>> > Based on another thread here, I want to move to using
>> postscreen/postwhite and ditch postgrey.
>> >
>> > Just want to make sure I don't bungle stopping postgrey.
>> >
>> > So...
>> >
>> > - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023"
>> from smtpd_recipient_restrictions.
>>
>> Comment it out.
>>
>> And don't forget to comment out the corresponding section in master.cf
>>
>> > - restart Postfix
>>
>> That will do it.
>>
>> > - purge the postgrey package.
>>
>> Eventually. Don't need to rush.
>>
>> > Then go about getting postscreen working.
>>
>> As other have said, I'd do that first. But it's really just a few lines.
>>
>> These are my settings, -ish.
>>
>> postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
>>
>> # Maybe start with warn if you're worried
>> postscreen_blacklist_action = drop
>> postscreen_dnsbl_action = enforce
>> postscreen_dnsbl_sites =
>> postscreen_dnsbl_threshold = 3
>> postscreen_dnsbl_ttl = 1d
>> postscreen_dnsbl_whitelist_threshold = -1
>> postscreen_greet_action = enforce
>> postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
>> postscreen_greet_wait = 11s
>>
>> I've settled on 11s, but you should probably not set
>> postscreen_greet_wait unless you need to as the default is there for a
>> reason. I found for my server 11s cut off a lot more mail, and I haven’t
>> noticed missing anything I want.
>>
>> Default:
>> postscreen_greet_wait = ${stress?{2}:{6}}s
>>
>> The most complicated part is setting up and scoring the rbls, though
>> searching the list archives for 'postscreen_dnsbl_sites' will find you some
>> settings other people use and you can start from there. Be sure and check
>> the specific RBLS to be sure that they allow open access and that they
>> still exist. Zen is very popular an in my opinion the best one out there,
>> but you need to pay for commercial access.
>>
>
> Thanks for the further suggestions.
>
Just wanted to hop back to this thread and thank everyone for the pointers
on Postscreen and removal of Postgrey.
It's so effective and I no longer have to deal with some legitimate senders
being delayed for minutes or sometimes hours.
And yes, I will admit a couple of times I tail -f'd the mail.log to watch
Postscreen work its magic.
Thanks again to Wietse and everyone involved in the Postfix community.
>
Re: Uninstalling postgrey
On Wed, May 27, 2020, 11:44 AM @lbutlr, wrote:
> On 24 May 2020, at 19:04, Ian Evans wrote:
> > Based on another thread here, I want to move to using
> postscreen/postwhite and ditch postgrey.
> >
> > Just want to make sure I don't bungle stopping postgrey.
> >
> > So...
> >
> > - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023"
> from smtpd_recipient_restrictions.
>
> Comment it out.
>
> And don't forget to comment out the corresponding section in master.cf
>
> > - restart Postfix
>
> That will do it.
>
> > - purge the postgrey package.
>
> Eventually. Don't need to rush.
>
> > Then go about getting postscreen working.
>
> As other have said, I'd do that first. But it's really just a few lines.
>
> These are my settings, -ish.
>
> postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
>
> # Maybe start with warn if you're worried
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites =
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_ttl = 1d
> postscreen_dnsbl_whitelist_threshold = -1
> postscreen_greet_action = enforce
> postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
> postscreen_greet_wait = 11s
>
> I've settled on 11s, but you should probably not set postscreen_greet_wait
> unless you need to as the default is there for a reason. I found for my
> server 11s cut off a lot more mail, and I haven’t noticed missing anything
> I want.
>
> Default:
> postscreen_greet_wait = ${stress?{2}:{6}}s
>
> The most complicated part is setting up and scoring the rbls, though
> searching the list archives for 'postscreen_dnsbl_sites' will find you some
> settings other people use and you can start from there. Be sure and check
> the specific RBLS to be sure that they allow open access and that they
> still exist. Zen is very popular an in my opinion the best one out there,
> but you need to pay for commercial access.
>
Thanks for the further suggestions.
Re: Uninstalling postgrey
On 24 May 2020, at 19:04, Ian Evans wrote:
> Based on another thread here, I want to move to using postscreen/postwhite
> and ditch postgrey.
>
> Just want to make sure I don't bungle stopping postgrey.
>
> So...
>
> - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" from
> smtpd_recipient_restrictions.
Comment it out.
And don't forget to comment out the corresponding section in master.cf
> - restart Postfix
That will do it.
> - purge the postgrey package.
Eventually. Don't need to rush.
> Then go about getting postscreen working.
As other have said, I'd do that first. But it's really just a few lines.
These are my settings, -ish.
postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
# Maybe start with warn if you're worried
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1d
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
postscreen_greet_wait = 11s
I've settled on 11s, but you should probably not set postscreen_greet_wait
unless you need to as the default is there for a reason. I found for my server
11s cut off a lot more mail, and I haven’t noticed missing anything I want.
Default:
postscreen_greet_wait = ${stress?{2}:{6}}s
The most complicated part is setting up and scoring the rbls, though searching
the list archives for 'postscreen_dnsbl_sites' will find you some settings
other people use and you can start from there. Be sure and check the specific
RBLS to be sure that they allow open access and that they still exist. Zen is
very popular an in my opinion the best one out there, but you need to pay for
commercial access.
--
You'd be a very high-level X-Men like Emma Frost's Diamond Form.
Re: Uninstalling postgrey
On Monday, May 25, 2020 10:26:56 PM EDT Ian Evans wrote: > On Mon, May 25, 2020 at 3:35 PM Ian Evans wrote: > > On Mon, May 25, 2020 at 4:09 AM Matus UHLAR - fantomas > > > > wrote: > >> On 24.05.20 21:04, Ian Evans wrote: > >> >Based on another thread here, I want to move to using > >> > >> postscreen/postwhite > >> > >> >and ditch postgrey. > >> > > >> >Just want to make sure I don't bungle stopping postgrey. > >> > > >> >So... > >> > > >> >- edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" > >> > >> from > >> > >> >smtpd_recipient_restrictions. > >> >- restart Postfix > >> >- purge the postgrey package. > >> > > >> >Then go about getting postscreen working. > >> > >> I'd set up postscreen before postgrey, that requires editing master.cf > >> too. > >> however, it's quite easy if you follow the docs. > > > > Thanks everyone for the tips. I'll get working on it. > > Just being purposefully thick here so I don't mess anything up. :-) > > In the Postfix docs it says, for example, to uncomment out this line in > master.cf: > > smtpd pass- - n - - smtpd > > The commented line in my master.cf says: > > #smtpd pass - - - - - smtpd > > So I'm assuming I not only uncomment the line but also change the third > hyphen to an 'n'? And so on with the other lines that might be different > between the docs and the current master.cf? Assuming postfix version > 3, it doesn't matter. The third hyphen is for the chroot value. In postfix << 3 the default was y, so an explicit n was needed. In postfix >= 3 the default is n, so leaving the '-' is the same as 'n'. Scott K
Re: Uninstalling postgrey
On Mon, May 25, 2020 at 3:35 PM Ian Evans wrote: > On Mon, May 25, 2020 at 4:09 AM Matus UHLAR - fantomas > wrote: > >> On 24.05.20 21:04, Ian Evans wrote: >> >Based on another thread here, I want to move to using >> postscreen/postwhite >> >and ditch postgrey. >> > >> >Just want to make sure I don't bungle stopping postgrey. >> > >> >So... >> > >> >- edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" >> from >> >smtpd_recipient_restrictions. >> >- restart Postfix >> >- purge the postgrey package. >> > >> >Then go about getting postscreen working. >> >> I'd set up postscreen before postgrey, that requires editing master.cf >> too. >> however, it's quite easy if you follow the docs. >> >> > Thanks everyone for the tips. I'll get working on it. > Just being purposefully thick here so I don't mess anything up. :-) In the Postfix docs it says, for example, to uncomment out this line in master.cf: smtpd pass- - n - - smtpd The commented line in my master.cf says: #smtpd pass - - - - - smtpd So I'm assuming I not only uncomment the line but also change the third hyphen to an 'n'? And so on with the other lines that might be different between the docs and the current master.cf?
Re: Uninstalling postgrey
On Mon, May 25, 2020 at 4:09 AM Matus UHLAR - fantomas wrote: > On 24.05.20 21:04, Ian Evans wrote: > >Based on another thread here, I want to move to using postscreen/postwhite > >and ditch postgrey. > > > >Just want to make sure I don't bungle stopping postgrey. > > > >So... > > > >- edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" > from > >smtpd_recipient_restrictions. > >- restart Postfix > >- purge the postgrey package. > > > >Then go about getting postscreen working. > > I'd set up postscreen before postgrey, that requires editing master.cf > too. > however, it's quite easy if you follow the docs. > > Thanks everyone for the tips. I'll get working on it.
Re: Uninstalling postgrey
On 24.05.20 21:04, Ian Evans wrote: Based on another thread here, I want to move to using postscreen/postwhite and ditch postgrey. Just want to make sure I don't bungle stopping postgrey. So... - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" from smtpd_recipient_restrictions. - restart Postfix - purge the postgrey package. Then go about getting postscreen working. I'd set up postscreen before postgrey, that requires editing master.cf too. however, it's quite easy if you follow the docs. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...
Re: Uninstalling postgrey
On Mon, 25 May 2020 at 02:06, Ian Evans wrote: > > Based on another thread here, I want to move to using postscreen/postwhite > and ditch postgrey. > > Just want to make sure I don't bungle stopping postgrey. > > So... > > - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" from > smtpd_recipient_restrictions. > - restart Postfix > - purge the postgrey package. > > Then go about getting postscreen working. I suggest that you get postscreen (and maybe postwhite) working first. And before (or after) purging postgrey do: rm -rf /etc/postgrey. I can't try postwhite because it depends on spf-tools, which don't have install instructions for people who aren't git experts.
Uninstalling postgrey
Based on another thread here, I want to move to using postscreen/postwhite and ditch postgrey. Just want to make sure I don't bungle stopping postgrey. So... - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023" from smtpd_recipient_restrictions. - restart Postfix - purge the postgrey package. Then go about getting postscreen working. Thanks.
