WARNING: Ignoring deprecated option --unzip
Stephen Swaney
steve.swaney at fsl.com
Tue Jan 27 16:09:08 GMT 2009
:)
Steve
--
Steve Swaney
steve at fsl.com
202 595-7760 ext: 601
www.fsl.com
The most accurate and cost effective anti-spam solutions available
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Steve Freegard
> Sent: Tuesday, January 27, 2009 10:47 AM
> To: MailScanner discussion
> Subject: Re: WARNING: Ignoring deprecated option --unzip
>
> Alex Broens wrote:
> >
> > Could be misbehaved bots are eating up all your available sessions.
> >
> > if you have a zillion of inactive open connections try reducing your
> > smtpd_timeout
> >
> > start off with and tune according to timeout requirements
> >
> > smtpd_timeout = 90s
> > (read the postfix docs and understand what this setting can do for
> you,
> > good & bad)
>
> RFC default is 300 seconds you might get away with less; but diagnosing
> failures here won't be fun. Change this with caution...
>
> Our products have a better way of handling this; if a host is
> blacklisted or acts peculiarly then we have a separate timeout for it
> (60s) which is way safer than reducing this globally.
>
> > Also
> > maps_rbl_reject_code = 421
> >
> > will trigger an immediate session closing after a RBL reject so
> > misbehaved bots won't eaat up all your sessions
>
> That is plain *nasty*.
>
> Instead of getting an instant notice that their mail was rejected a
> valid sender would have to wait at least 4 hours for a 'message
> delayed'
> response from their own server. The sender will then continually retry
> the message too. This will continue until the message is deleted from
> the queue of the host or the host is delisted.
>
> If you are going to do this then it's best to do it selectively see:
> http://www.postfix.org/STRESS_README.html#hangup
>
> It's way better to set leave 'maps_rbl_reject_code' alone and set
> 'smtpd_hard_error_limit = 1' instead.
>
> Or alternatively get an anti-spam daemon that doesn't suffer from any
> of
> these problems (we can sell you one of those...).
>
> Regards,
> Steve.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list