From: LuKreme on
On 26-May-2010, at 14:28, Matt Hayes wrote:
>
> postscreen doesn't require you to use RBL's during its checks, however,
> you have the ability to do so. The nice thing about doing RBL checks in
> postscreen is it stops connections from getting to the SMTPD, thus
> reducing system load.

Ah. Need to read up on that then.

It's in 2.7 only, yes? I'm still running 2.6.

Just add:

postscreen_dnsbl_sites zen.spamhous.org

To a 2.7 config?

--
Look, that's why there's rules, understand? So that you *think* before
you break 'em.

From: Noel Jones on
On 5/26/2010 5:34 PM, LuKreme wrote:
> On 26-May-2010, at 14:28, Matt Hayes wrote:
>>
>> postscreen doesn't require you to use RBL's during its checks, however,
>> you have the ability to do so. The nice thing about doing RBL checks in
>> postscreen is it stops connections from getting to the SMTPD, thus
>> reducing system load.
>
> Ah. Need to read up on that then.
>
> It's in 2.7 only, yes? I'm still running 2.6.
>
> Just add:
>
> postscreen_dnsbl_sites zen.spamhous.org
>
> To a 2.7 config?
>

postscreen is currently available in the postfix 2.8
snapshots. Instructions for activating postscreen are
included in the RELEASE_NOTES. eg.
http://postfix.energybeam.com/source/experimental/postfix-2.8-20100323.RELEASE_NOTES




-- Noel Jones

From: Stan Hoeppner on
brian put forth on 5/26/2010 1:53 PM:

> FWIW, aside from aliases for the usual postmaster, abuse, and webmaster
> addresses, this domain has just 2 actual addresses to be maintained. So,
> might a whitelist approach be the way to go? Or, is this something i
> should leave to iptables/fail2ban?

Care to share some of the spammer IP address info? Is this botnet traffic or
snowshoe? If snowshoe, I might be able to provide you with a complete list of
netblocks to blacklist, solving your problem with a simple edit or two.

--
Stan

From: Stan Hoeppner on
Noel Jones put forth on 5/26/2010 3:56 PM:

> Use ps or top to see how much RAM each smtpd uses, guesstimate from
> there. If system swaps, reduce.
> Postscreen will help with this, since a single postscreen process can
> handle thousands of connections.

To lower memory consumption on your VPS, you may also want to look into
proxymap if you use many or large (or both) lookup tables:
http://www.postfix.org/proxymap.8.html

Postscreen will cut down on memory consumption caused by this spam traffic as
you won't have an smtpd process per connection any longer. Proxymap can still
pay dividends if you have a fair concurrent connection load for legit mail and
large/many lookup tables.

I use some very large local blacklists, regexp and cidr tables. Imlementing
proxymap cut my memory usage per smtpd process considerably, something on the
order of 80% per process.

--
Stan

From: LuKreme on
On 26-May-2010, at 17:01, Noel Jones wrote:
>
> On 5/26/2010 5:34 PM, LuKreme wrote:
>> On 26-May-2010, at 14:28, Matt Hayes wrote:
>>>
>>> postscreen doesn't require you to use RBL's during its checks, however,
>>> you have the ability to do so. The nice thing about doing RBL checks in
>>> postscreen is it stops connections from getting to the SMTPD, thus
>>> reducing system load.
>>
>> Ah. Need to read up on that then.
>>
>> It's in 2.7 only, yes? I'm still running 2.6.
>>
>> Just add:
>>
>> postscreen_dnsbl_sites zen.spamhous.org
>>
>> To a 2.7 config?
>>
>
> postscreen is currently available in the postfix 2.8 snapshots. Instructions for activating postscreen are included in the RELEASE_NOTES. eg. http://postfix.energybeam.com/source/experimental/postfix-2.8-20100323.RELEASE_NOTES

Is it possible to run postscreen from 2.8 with 2.7 or would I need to run a 2.8 snapshot?

--
"He raised his hammer defiantly and opened his mouth to say, "Oh, yeah?"
but stopped, because just by his ear he heard a growl. It was quite low
and soft, but it had a complex little waveform which went straight down
into a little knobbly bit in his spinal column where it pressed an
ancient button marked Primal Terror." --Feet of Clay