WARNING: Ignoring deprecated option --unzip

Steve Freegard steve.freegard at fsl.com
Tue Jan 27 15:46:52 GMT 2009


Alex Broens wrote:
> 
> Could be misbehaved bots are eating up all your available sessions.
> 
> if you have a zillion of inactive open connections try reducing your
> smtpd_timeout
> 
> start off with and tune according to timeout requirements
> 
> smtpd_timeout = 90s
> (read the postfix docs and understand what this setting can do for you,
> good & bad)

RFC default is 300 seconds; you might get away with less, but diagnosing
failures here won't be fun.  Change this with caution...

Our products have a better way of handling this; if a host is
blacklisted or acts peculiarly then we have a separate timeout for it
(60s) which is way safer than reducing this globally.

> Also
> maps_rbl_reject_code = 421
> 
> will trigger an immediate session closing after a RBL reject so
> misbehaved bots won't eat up all your sessions

That is plain *nasty*.

Instead of getting an instant notice that their mail was rejected a
valid sender would have to wait at least 4 hours for a 'message delayed'
response from their own server.  The sender will then continually retry
the message too.  This will continue until the message is deleted from
the queue of the host or the host is delisted.

If you are going to do this then it's best to do it selectively; see:
http://www.postfix.org/STRESS_README.html#hangup

It's way better to leave 'maps_rbl_reject_code' alone and set
'smtpd_hard_error_limit = 1' instead.

Or alternatively get an anti-spam daemon that doesn't suffer from any of
these problems (we can sell you one of those...).

Regards,
Steve.
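
An added example, not part of the original post or of any product mentioned in it: before lowering smtpd_timeout globally, a script like this can show from the Postfix log which clients actually hold smtpd sessions until they time out. The log lines are constructed samples, and the function names and the YEAR constant are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the usual Postfix smtpd syslog format.
SAMPLE_LOG = """\
Jan 27 15:40:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jan 27 15:40:02 mx postfix/smtpd[2102]: connect from mail.example.org[198.51.100.7]
Jan 27 15:40:03 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; blocked using rbl.example
Jan 27 15:40:04 mx postfix/smtpd[2102]: disconnect from mail.example.org[198.51.100.7]
Jan 27 15:40:05 mx postfix/smtpd[2103]: connect from unknown[192.0.2.10]
Jan 27 15:45:01 mx postfix/smtpd[2101]: timeout after CONNECT from unknown[192.0.2.10]
Jan 27 15:45:01 mx postfix/smtpd[2101]: disconnect from unknown[192.0.2.10]
Jan 27 15:45:05 mx postfix/smtpd[2103]: timeout after RCPT from unknown[192.0.2.10]
Jan 27 15:45:05 mx postfix/smtpd[2103]: disconnect from unknown[192.0.2.10]
"""
YEAR = "2009"  # assumption: syslog timestamps omit the year
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"from \S+\[([0-9a-fA-F.:]+)\]")

def session_stats(log_text):
    """Per client IP: sessions, seconds of smtpd time held, timeouts, rejects."""
    stats = defaultdict(lambda: {"sessions": 0, "held_s": 0, "timeouts": 0, "rejects": 0})
    open_at = {}  # smtpd pid -> connect time of the session it is serving
    for line in log_text.splitlines():
        m = LINE.match(line)
        c = m and CLIENT.search(m.group(3))
        if not c:
            continue  # not an smtpd line, or no client address in it
        when = datetime.strptime(YEAR + " " + m.group(1), "%Y %b %d %H:%M:%S")
        pid, msg, s = m.group(2), m.group(3), stats[c.group(1)]
        if msg.startswith("connect from"):
            open_at[pid] = when
            s["sessions"] += 1
        elif msg.startswith("timeout after"):
            s["timeouts"] += 1
        elif msg.startswith("NOQUEUE: reject:"):
            s["rejects"] += 1
        elif msg.startswith("disconnect from") and pid in open_at:
            s["held_s"] += int((when - open_at.pop(pid)).total_seconds())
    return dict(stats)

def slot_hogs(stats, min_timeouts=2):
    """Clients whose sessions mostly end in timeout, sorted by address."""
    return sorted(ip for ip, s in stats.items()
                  if s["timeouts"] >= min_timeouts and s["timeouts"] * 2 >= s["sessions"])

if __name__ == "__main__":
    for ip, s in session_stats(SAMPLE_LOG).items():
        print(ip, s)
```

In the sample, the client that is rejected and disconnects holds a process for 2 seconds, while the client that idles to the 300-second timeout twice holds 600 seconds of smtpd time.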

