Mar 142010
 

I’ve been experimenting with postfix 2.8-20100213 “postscreen” feature on my development server.this feature is very usefull for detecting/dropping misbehavior smtp client.

Configuration :

main.cf

postscreen_greet_action = drop
postscreen_dnsbl_sites = zen.spamhaus.org, spam.ipv6.kutukupret.com
postscreen_hangup_action = drop
postscreen_dnsbl_action = drop

master.cf

smtp      inet  n       -       n       -       1       postscreen
smtpd   pass    -       -       n       -       -       smtpd
  -o content_filter=spamchk:dummy
dnsblog  unix   -        -      n       -       0       dnsblog

Logs

Mar 14 12:56:24 fire postfix/postscreen[19999]: PASS OLD 2001:4f8:fff6::35 
Mar 14 12:56:24 fire postfix/smtpd[20001]: connect from mx2.freebsd.org[2001:4f8:fff6::35]
--- snipped ---
Mar 14 12:56:28 fire postfix/pipe[20021]: 6979049168: to=<myuser@ipv6.kutukupret.com>, relay=maildrop, delay=0.09, delays=0.01/0.02/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)

But i think i’ll wait until this feature is in stable release stage before applying on production machine

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.