Postings by allenc

How "safe" is reject_unknown_helo_hostname?

I have been looking at the configuration parameter
"reject_unknown_helo_hostname", with a view to using it to resist spam.

I know it is reasonably safe to reject an incoming email on an invalid or
non-fqdn HELO hostname, but *UNKNOWN?*

I don't receive a sufficient corpus of email to make a reasoned judgment.

Your comments would be appreciated.

Allen C

Could you please explain a warning message

Yesterday I saw the following warning message in my logs:-

2018-10-06T14:11:19+01:00 geronimo postfix/postscreen[8194]: warning: psc_cache_update:
btree:/var/lib/postfix/postscreen_cache update average delay is 151 ms

A tenth of a second is an ENORMOUS delay for an SSD, and my immediate thought was/is an incipient disc failure, but
the monthly disc tests say 95 percent of the life expectancy remains.

I have swept my logs since February and this is the only instance of the message.

I am operating a domestic server (50 messages a day), running on a Synology NAS device, with things in the bac

Message Rejection

Is there any way of making a bad email address (e.g. a spam-trap) reject
an entire multi-destination transaction?

If one RCPT TO command is to a spamtrap address, then that message will
be spam; you do not want it being delivered to any other (genuine) RCPT
TO destinations.

Allen C

Postscreen Feature Request

GIVEN THAT, when the Postscreen internal SMTP engine is invoked, the
decision to reject the message has already been made;
It seems to me that this is an opportunity to tar-pit the (bad) remote
host, diminishing spam throughput, and eroding the host's useful life-span.

I SUGGEST, therefore, that an additional "TAR-PIT" option be added to
the list of available postscreen_mumble_action's.

Postscreen temporary whitelist

Is there any way of reducing the TTL of the postscreen temporary whitelist?

I am having problems with spammers repeatedly getting through postscreen
with a "PASS OLD" result.

While I can't stop them trying, at least I can cost them time by making
them run the full postscreen gauntlet more frequently...

Many thanks

Allen C

Strange log entry

Hello all

From time to time I see a strange log entry:

2016-11-30T10:40:43+00:00 geronimo postfix/postscreen[20844]: warning:
getpeername: Transport endpoint is not connected -- dropping this connection

Can someone explain what this means, please?

Is there anything I could/should do about it?

many thanks

Allen C

OT: "X-PHP-Script" header

Over the weekend I had three spam messages get through to my in-box. Two
contained an "X-PHP-Script" header

one was

and the other

I suppose I could block them using header_checks, but first, does
anybody know what they (are supposed to) do? I have not encountered
them before.

Allen C