WARNING: Ignoring deprecated option --unzip
Simon Jones
simonmjones at gmail.com
Tue Jan 27 16:20:51 GMT 2009
2009/1/27 Stephen Swaney <steve.swaney at fsl.com>:
> :)
>
>
> Steve
>
> --
> Steve Swaney
> steve at fsl.com
> 202 595-7760 ext: 601
> www.fsl.com
>
> The most accurate and cost effective anti-spam solutions available
>
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Steve Freegard
>> Sent: Tuesday, January 27, 2009 10:47 AM
>> To: MailScanner discussion
>> Subject: Re: WARNING: Ignoring deprecated option --unzip
>>
>> Alex Broens wrote:
>> >
>> > Could be misbehaved bots are eating up all your available sessions.
>> >
>> > if you have a zillion of inactive open connections try reducing your
>> > smtpd_timeout
>> >
>> > start off with and tune according to timeout requirements
>> >
>> > smtpd_timeout = 90s
>> > (read the postfix docs and understand what this setting can do for
>> you,
>> > good & bad)
>>
>> RFC default is 300 seconds you might get away with less; but diagnosing
>> failures here won't be fun. Change this with caution...
>>
>> Our products have a better way of handling this; if a host is
>> blacklisted or acts peculiarly then we have a separate timeout for it
>> (60s) which is way safer than reducing this globally.
>>
>> > Also
>> > maps_rbl_reject_code = 421
>> >
>> > will trigger an immediate session closing after a RBL reject so
>> > misbehaved bots won't eaat up all your sessions
>>
>> That is plain *nasty*.
>>
>> Instead of getting an instant notice that their mail was rejected a
>> valid sender would have to wait at least 4 hours for a 'message
>> delayed'
>> response from their own server. The sender will then continually retry
>> the message too. This will continue until the message is deleted from
>> the queue of the host or the host is delisted.
>>
>> If you are going to do this then it's best to do it selectively see:
>> http://www.postfix.org/STRESS_README.html#hangup
>>
>> It's way better to set leave 'maps_rbl_reject_code' alone and set
>> 'smtpd_hard_error_limit = 1' instead.
>>
>> Or alternatively get an anti-spam daemon that doesn't suffer from any
>> of
>> these problems (we can sell you one of those...).
>>
>> Regards,
>> Steve.
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
yerrr, didn't like maps_rbl_reject_code = 421 much meself - upping the
process limit seems to at least keep it stable, I'll monitor for the
next few hours whilst trying to gather some collateral from the
tcpdump and maillogs - all suggestions and help / input from you is
really appreciated.
More information about the MailScanner
mailing list