Re: I've inherited a botnet target

2010-05-27 Thread Ralf Hildebrandt
* LuKreme krem...@kreme.com: It's in 2.7 only, yes? I'm still running 2.6. It's in the snapshots. Just add: postscreen_dnsbl_sites zen.spamhaus.org To a 2.7 config? No, you really have to read the README, since there are changes to master.cf as well! -- Ralf Hildebrandt

Re: I've inherited a botnet target

2010-05-27 Thread Ralf Hildebrandt
* Nataraj incoming-post...@rjl.com: How does rate limiting work in conjunction with postscreen? Just like without postscreen -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin

Re: I've inherited a botnet target

2010-05-27 Thread Noel Jones
On 5/26/2010 8:21 PM, LuKreme wrote: On 26-May-2010, at 17:01, Noel Jones wrote: On 5/26/2010 5:34 PM, LuKreme wrote: postscreen is currently available in the postfix 2.8 snapshots. Instructions for activating postscreen are included in the RELEASE_NOTES. e.g.

Re: I've inherited a botnet target

2010-05-26 Thread Matt Hayes
On 5/26/2010 2:53 PM, brian wrote: I've a hunch that the following problem is not something that can be configured away through postfix but, as I'm well aware that my config-fu is not the strongest, I'd like any advice more experience among you might have. I'm sure this isn't a rare problem.

Re: I've inherited a botnet target

2010-05-26 Thread Ralf Hildebrandt
* brian postfix-l...@logi.ca: organisation). The old domain points to this new server in order to redirect web traffic. AFAIK, there were never any email addresses used under the old domain. But, now I've set up postfix, I'm seeing thousands of failed attempts to send to various fictitious

Re: I've inherited a botnet target

2010-05-26 Thread Ansgar Wiechers
On 2010-05-26 brian wrote: I've a hunch that the following problem is not something that can be configured away through postfix but, as I'm well aware that my config-fu is not the strongest, I'd like any advice more experience among you might have. I'm sure this isn't a rare problem. I

Re: I've inherited a botnet target

2010-05-26 Thread Jan-Kaspar Münnich
On 26.05.2010, at 21:01, Matt Hayes wrote: Is there something more I can do to mitigate the stress on the server? You could look into using RBLs such as spamhaus etc. In general RBLs work fine against these dictionary attacks. But in this special case where not one address exists at the

Re: I've inherited a botnet target

2010-05-26 Thread Ansgar Wiechers
On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam sent to valid users (which according to his description doesn't seem to be the case) he could go without as well. Regards Ansgar Wiechers -- Abstractions

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:03 PM, Ralf Hildebrandt wrote: * brian postfix-l...@logi.ca: Which domain is the old one, which is the new one? One change I suggested was to utilise a .org domain rather than .com Shouldn't you use at least ONE RBL? E.g.: smtpd_recipient_restrictions = permit_mynetworks,

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:21 PM, Ansgar Wiechers wrote: The connections are being rejected, so unless your server resources are being exhausted by the delivery attempts I don't think you have to worry about it. As mentioned in another msg, I neglected to mention that postfix is already being put into

Re: I've inherited a botnet target

2010-05-26 Thread Matt Hayes
On 5/26/2010 3:29 PM, brian wrote: On 10-05-26 03:21 PM, Ansgar Wiechers wrote: The connections are being rejected, so unless your server resources are being exhausted by the delivery attempts I don't think you have to worry about it. As mentioned in another msg, I neglected to mention

Re: I've inherited a botnet target

2010-05-26 Thread Ansgar Wiechers
On 2010-05-26 brian wrote: On 10-05-26 03:21 PM, Ansgar Wiechers wrote: The connections are being rejected, so unless your server resources are being exhausted by the delivery attempts I don't think you have to worry about it. As mentioned in another msg, I neglected to mention that postfix

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:24 PM, Ansgar Wiechers wrote: On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam sent to valid users (which according to his description doesn't seem to be the case) he could go without as

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:31 PM, Matt Hayes wrote: I wonder if using something like postscreen from the 2.8-snapshots would help to curtail some of the resource usage. Thanks, I'll check it out. However, I'd feel more optimistic about it if it was named prescreen ;-)

Re: I've inherited a botnet target

2010-05-26 Thread Matt Hayes
On 5/26/2010 3:35 PM, brian wrote: On 10-05-26 03:31 PM, Matt Hayes wrote: I wonder if using something like postscreen from the 2.8-snapshots would help to curtail some of the resource usage. Thanks, I'll check it out. However, I'd feel more optimistic about it if it was named prescreen

Re: I've inherited a botnet target

2010-05-26 Thread Ansgar Wiechers
On 2010-05-26 brian wrote: On 10-05-26 03:24 PM, Ansgar Wiechers wrote: On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam sent to valid users (which according to his description doesn't seem to be the

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:43 PM, Ansgar Wiechers wrote: On 2010-05-26 brian wrote: On 10-05-26 03:24 PM, Ansgar Wiechers wrote: On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam sent to valid users (which

Re: I've inherited a botnet target

2010-05-26 Thread Noel Jones
On 5/26/2010 2:34 PM, brian wrote: On 10-05-26 03:24 PM, Ansgar Wiechers wrote: On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam sent to valid users (which according to his description doesn't seem to

Re: I've inherited a botnet target

2010-05-26 Thread Noel Jones
On 5/26/2010 2:50 PM, brian wrote: On 10-05-26 03:43 PM, Ansgar Wiechers wrote: On 2010-05-26 brian wrote: On 10-05-26 03:24 PM, Ansgar Wiechers wrote: On 2010-05-26 Ralf Hildebrandt wrote: Shouldn't you use at least ONE RBL? Probably wouldn't hurt, but unless he's trying to fight off spam

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 03:55 PM, Noel Jones wrote: Some random suggestions... Use a bogus MX record for the old domain if that domain has no valid mail recipients. Of course, some bots will connect to your A record anyway... OK, I like the sound of that. Per your other email, I think I did, a long

Re: I've inherited a botnet target

2010-05-26 Thread Ralf Hildebrandt
* brian postfix-l...@logi.ca: Correct. The SPAM problem is not directed at legitimate accounts (yet). All of these rejections are for fictitious accounts under the .com domain. I don't want to accept anything at all for that domain. However, I must keep the domain pointed at this new server

Re: I've inherited a botnet target

2010-05-26 Thread Ralf Hildebrandt
* brian postfix-l...@logi.ca: On 10-05-26 03:31 PM, Matt Hayes wrote: I wonder if using something like postscreen from the 2.8-snapshots would help to curtail some of the resource usage. Thanks, I'll check it out. However, I'd feel more optimistic about it if it was named prescreen ;-)

Re: I've inherited a botnet target

2010-05-26 Thread Ralf Hildebrandt
* Jan-Kaspar Münnich li...@jan-muennich.de: In general RBLs work fine against these dictionary attacks. But in this special case where not one address exists at the targeted domain, I doubt that RBLs would decrease server load, since that would add one more DNS lookup. I wouldn't see a big

Re: I've inherited a botnet target

2010-05-26 Thread Wietse Venema
Jan-Kaspar Münnich: On 26.05.2010, at 21:01, Matt Hayes wrote: Is there something more I can do to mitigate the stress on the server? You could look into using RBLs such as spamhaus etc. In general RBLs work fine against these dictionary attacks. But in this special case where not

Re: I've inherited a botnet target

2010-05-26 Thread Matt Hayes
On 5/26/2010 4:21 PM, Ralf Hildebrandt wrote: * brian postfix-l...@logi.ca: On 10-05-26 03:31 PM, Matt Hayes wrote: I wonder if using something like postscreen from the 2.8-snapshots would help to curtail some of the resource usage. Thanks, I'll check it out. However, I'd feel more

Re: I've inherited a botnet target

2010-05-26 Thread Ralf Hildebrandt
* Matt Hayes domin...@slackadelic.com: postscreen doesn't require you to use RBLs during its checks, Ah yes, the earlytalking and all. however, you have the ability to do so. The nice thing about doing RBL checks in postscreen is it stops connections from getting to the SMTPD, thus

Re: I've inherited a botnet target

2010-05-26 Thread Matt Hayes
On 5/26/2010 4:32 PM, Ralf Hildebrandt wrote: * Matt Hayes domin...@slackadelic.com: postscreen doesn't require you to use RBLs during its checks, Ah yes, the earlytalking and all. however, you have the ability to do so. The nice thing about doing RBL checks in postscreen is it stops

Re: I've inherited a botnet target

2010-05-26 Thread Nataraj
brian wrote: On 10-05-26 03:55 PM, Noel Jones wrote: Some random suggestions... Use a bogus MX record for the old domain if that domain has no valid mail recipients. Of course, some bots will connect to your A record anyway... OK, I like the sound of that. Per your other email, I think I

Re: I've inherited a botnet target

2010-05-26 Thread Noel Jones
On 5/26/2010 3:12 PM, brian wrote: On 10-05-26 03:55 PM, Noel Jones wrote: Some random suggestions... Use a bogus MX record for the old domain if that domain has no valid mail recipients. Of course, some bots will connect to your A record anyway... OK, I like the sound of that. Per your

Re: I've inherited a botnet target

2010-05-26 Thread Nataraj
Nataraj wrote: brian wrote: On 10-05-26 03:55 PM, Noel Jones wrote: Some random suggestions... Use a bogus MX record for the old domain if that domain has no valid mail recipients. Of course, some bots will connect to your A record anyway... OK, I like the sound of that. Per your other

Re: I've inherited a botnet target

2010-05-26 Thread LuKreme
On 26-May-2010, at 14:12, brian wrote: I'll give all that a try. Does this order seem alright? No, not really. smtpd_recipient_restrictions = permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_recipient,

Re: I've inherited a botnet target

2010-05-26 Thread LuKreme
On 26-May-2010, at 14:28, Matt Hayes wrote: postscreen doesn't require you to use RBLs during its checks, however, you have the ability to do so. The nice thing about doing RBL checks in postscreen is it stops connections from getting to the SMTPD, thus reducing system load. Ah. Need to

Re: I've inherited a botnet target

2010-05-26 Thread Noel Jones
On 5/26/2010 5:34 PM, LuKreme wrote: On 26-May-2010, at 14:28, Matt Hayes wrote: postscreen doesn't require you to use RBLs during its checks, however, you have the ability to do so. The nice thing about doing RBL checks in postscreen is it stops connections from getting to the SMTPD, thus

Re: I've inherited a botnet target

2010-05-26 Thread Stan Hoeppner
brian put forth on 5/26/2010 1:53 PM: FWIW, aside from aliases for the usual postmaster, abuse, and webmaster addresses, this domain has just 2 actual addresses to be maintained. So, might a whitelist approach be the way to go? Or, is this something I should leave to iptables/fail2ban? Care

Re: I've inherited a botnet target

2010-05-26 Thread Stan Hoeppner
Noel Jones put forth on 5/26/2010 3:56 PM: Use ps or top to see how much RAM each smtpd uses, guesstimate from there. If system swaps, reduce. Postscreen will help with this, since a single postscreen process can handle thousands of connections. To lower memory consumption on your VPS, you

Re: I've inherited a botnet target

2010-05-26 Thread LuKreme
On 26-May-2010, at 17:01, Noel Jones wrote: On 5/26/2010 5:34 PM, LuKreme wrote: On 26-May-2010, at 14:28, Matt Hayes wrote: postscreen doesn't require you to use RBLs during its checks, however, you have the ability to do so. The nice thing about doing RBL checks in postscreen is it

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 09:03 PM, Stan Hoeppner wrote: brian put forth on 5/26/2010 1:53 PM: FWIW, aside from aliases for the usual postmaster, abuse, and webmaster addresses, this domain has just 2 actual addresses to be maintained. So, might a whitelist approach be the way to go? Or, is this something I

Re: I've inherited a botnet target

2010-05-26 Thread brian
On 10-05-26 06:27 PM, LuKreme wrote: On 26-May-2010, at 14:12, brian wrote: I'll give all that a try. Does this order seem alright? No, not really. smtpd_recipient_restrictions = permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname,

Re: I've inherited a botnet target

2010-05-26 Thread Stan Hoeppner
brian put forth on 5/26/2010 8:28 PM: On 10-05-26 09:03 PM, Stan Hoeppner wrote: brian put forth on 5/26/2010 1:53 PM: FWIW, aside from aliases for the usual postmaster, abuse, and webmaster addresses, this domain has just 2 actual addresses to be maintained. So, might a whitelist approach

Re: I've inherited a botnet target

2010-05-26 Thread Nataraj
Stan Hoeppner wrote: brian put forth on 5/26/2010 8:28 PM: On 10-05-26 09:03 PM, Stan Hoeppner wrote: brian put forth on 5/26/2010 1:53 PM: FWIW, aside from aliases for the usual postmaster, abuse, and webmaster addresses, this domain has just 2 actual addresses to be

Re: I've inherited a botnet target

2010-05-26 Thread Stan Hoeppner
Nataraj put forth on 5/26/2010 10:06 PM: How does rate limiting work in conjunction with postscreen? Can the various rate limits be applied to postscreen, or would rate limiting no longer be necessary? I run in a vmware virtual machine which used to fall on its knees from both bot and