WARNING: Ignoring deprecated option --unzip

Alex Broens ms-list at alexb.ch
Tue Jan 27 16:16:31 GMT 2009


On 1/27/2009 4:46 PM, Steve Freegard wrote:
> Alex Broens wrote:
>> Could be misbehaved bots are eating up all your available sessions.
>>
>> if you have a zillion of inactive open connections try reducing your
>> smtpd_timeout
>>
>> start off with and tune according to timeout requirements
>>
>> smtpd_timeout = 90s
>> (read the postfix docs and understand what this setting can do for you,
>> good & bad)
> 
> RFC default is 300 seconds you might get away with less; but diagnosing
> failures here won't be fun.  Change this with caution...

....RFCs written before the day of the bot... :-)
did I mention that he should read the docs about the caveats?


> Our products have a better way of handling this; if a host is
> blacklisted or acts peculiarly then we have a separate timeout for it
> (60s) which is way safer than reducing this globally.
>> Also
>> maps_rbl_reject_code = 421
>>
>> will trigger an immediate session closing after a RBL reject so
>> misbehaved bots won't eaat up all your sessions
> 
> That is plain *nasty*.

Its recommended by Victor.. :-)
I love being nasty to bots...

> Instead of getting an instant notice that their mail was rejected a
> valid sender would have to wait at least 4 hours for a 'message delayed'
> response from their own server.  The sender will then continually retry
> the message too.  This will continue until the message is deleted from
> the queue of the host or the host is delisted.

bots/infected hosts don't retry. Valid senders shouldn't be listed in zen.
IF they are, I have little compassion.

> Or alternatively get an anti-spam daemon that doesn't suffer from any of
> these problems (we can sell you one of those...).

I can sell you a service which can't afford your product.
(but that is totally offtopic)

Alex




More information about the MailScanner mailing list