Hi,
I'm testing postscreen on our secondary smtp server.
First results:
https://rz-static.uni-hohenheim.de/hmayer/tmp/Screenshot-68.png
There are hardly anymore rejects. I did not yet adjust mailgraph for the
drops.
Statistics:
UNIQ/TOTAL EVENT
536/586 PASS NEW
97/119 HANGUP
808/974 PREGREET
But I'd prefer not to use DNSBL's by postcreen. It is for the logging.
Users occasionally ask for details if mail did not arrive.
If I try, I get:
Jul 6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52
from 90.148.159.227: HELO 90-148-159-227.saudi.net.sa??
Jul 6 10:17:00 smtp2 postfix/postscreen[23670]: panic:
postscreen_dnsbl_done: no blocklist cache entry for 90.148.159.227
in main.cf
postscreen_dnsbl_sites =
postscreen_greet_action = drop
in master.cf
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
I also tried to comment dnsblog - same problem:
# dnsblog unix - - n - 0 dnsblog
Jul 6 10:25:14 smtp2 postfix/postscreen[24577]: PREGREET 47 after 0.49
from 123.219.54.120: HELO p5120-ipbfp402kobeminato.hyogo.ocn.ne.jp??
Jul 6 10:25:14 smtp2 postfix/postscreen[24577]: panic:
postscreen_dnsbl_done: no blocklist cache entry for 123.219.54.120
Jul 6 10:25:15 smtp2 postfix/master[24571]: warning: process
/usr/libexec/postfix/postscreen pid 24577 killed by signal 6
What am I doing wrong ?
Regards
Helga Mayer
Re: postscreen test
Helga Mayer:
That is an interesting picture. It looks like dropping the pregreeters
made your reject rates already go down quite a bit. Of course it
is known that spammers prefer to use secondary MX hosts because
these hosts often serve many domains and therefore have more
permissive settings.
This weekend I finally found time to update the non-production
release. This version should support "no DNS blocklists" without
panic, and it also has better support for "postfix reload".
There are still plenty of rough edges. It does not yet remove entries
from the btree database so the file needs to be renamed periodically,
and it does not yet log the sender/recipient of rejected mail. For
that reason alone I don't recommend turning on DNS blocklist lookups
except for gathering statistics.
I'm still open for program name suggestions. If someone has a better
name than "swatter" or "halligan" let me know. Once the name changes,
all the configuration parameters will change, too.
Wietse
Re: postscreen test
posttriage
or if you have issues w/the French:
postcull
postreject
postdiscard
Re: postscreen test
postcullis
Re: postscreen test
Well played.
Re: postscreen test
Sounds a little like an Irish airline or a dubious sexual act?
Re: postscreen test
The service is an SMTP "bouncer", keeping unwanted clients from entering
the premises. We already have a "bounce unix" service, will having:
smtp inet n - n - 1 bouncer
...
bounce unix - - n - 0 bounce
cause significant confusion?
Re: postscreen test
* Victor Duchovni :
I already see enough confusion with smtp/smtpd
Re: postscreen test
While I like the name, please no. Postfix support lists have had to
call attention to "smtp" v. "smtpd" enough.
By itself, it is not. I'd suggest that increasing the number of support
questions for little gain is not prudent. Uniquely distinct names have
value.
my 2c.
Re: postscreen test
I would usually concur, but the "bounce" service is largely invisible
to users, so confusion is far less likely. You may still be right, but
it is far less significant than with smtp(8) and smtpd(8).
Re: postscreen test
I'm inclined to agree that adding more possible confusion is not a good
thing even if it is minimal. What about some variation on a propylaeum
(http://en.wikipedia.org/wiki/Propylaea)? A propylaeum is a gateway that
sits at the entrance of a sacred enclosure. The most famous one is at
the Acropolis. Entering the Acropolis was permitted or denied at the
Propylaeum. A literal reading of the Greek would be something like 'that
which is before the entrance (or gates)'.
Kyle
Re: postscreen test
Naming it "bouncer" might reduce the confusion a smidgen and make it
slightly easier to search for.
Re: postscreen test
Victor Duchovni:
It's no worse than smtp versus smtpd. If there exists a different
name for the agent at the door, then that might work. Alas, cerberus
is already in use (by the "kerberos" authentication system).
Wietse
Re: postscreen test
* Wietse Venema <<...> at porcupine dot org>:
And your cerberus is multi-threaded, not multi-headed.
Re: postscreen test
And so are "Heimdall" (KTH's implementation of Kerberos) as well as
Anubis and Horus.
Unless you want to use "St.Peter", of course --- no offense intended,
of course.
There is certainly "Charon"[1] left. Which might actually be quite
suitable given the duty it performed: carry the dead across river Styx
[2], only if they were "good enough"
Just my two cents
[1] http://en.wikipedia.org/wiki/Charon_(mythology)
[2] http://en.wikipedia.org/wiki/Styx
Re: postscreen test
Re: postscreen test
How about praetorian...
Re: postscreen test
From http://en.wikipedia.org/wiki/Oedipus,
Continuing his journey to Thebes, Oedipus encounters the Sphinx who
would stop all those who traveled to Thebes and ask them a riddle. If
the travelers were unable to answer correctly, they were eaten by the
Sphinx; if they were successful, they would be able to continue their
journey.
Short, no collisions, and has an 'x' to supply coolness. I am partial to
"prefix," though, and agree that "bouncer" would just confuse people.
Re: postscreen test
* Michael Orlitzky <<...> at orlitzky dot com>:
But then oedipus is more widely know for what he did with his mother.
Re: postscreen test
Yeah, I was thinking more along the lines of "Sphinx." I'm saving
"Oedipus" for the daemon that accidentally SIGKILLs its parent process
after removing its own read permissions from /var/run.
Re: postscreen test
corona
postquack (like water off a ducks back)
But I can't beat prefix.
-- Noel Jones
Re: postscreen test
* Noel Jones <<...> at megan dot vbhcs.org>:
Corona, St.George, what's it with the beer names?
Re: postscreen test
Corona - outer atmosphere of a star
I can't help it if someone named a beer that too. Makes more
sense for our purpose, I'll give them a call.
I like sentry too.
-- Noel Jones
Re: postscreen test
* Noel Jones <<...> at megan dot vbhcs.org>:
Latin for Crown
Re: postscreen test
Ralf Hildebrandt:
Good names I have seen sofar that suggest what the program does:
sentry (the guard at the gate) and triage (the action of deciding
which patients to service).
Wietse
Re: postscreen test
From the point of view of one who has been easily confused by
definitions of terms I want to also join the no to "bouncer" and I
agree with all the reasons others have stated.
Re: postscreen test
St Peter?
Re: postscreen test
How about "sentinel"
–noun
1. a person or thing that watches or stands as if watching.
2. a soldier stationed as a guard to challenge all comers and prevent a
surprise attack: to stand sentinel.
3. Also called tag. Computers. a symbol, mark, or other labeling device
indicating the beginning or end of a unit of information.
–verb (used with object)
4. to watch over or guard as a sentinel.
Bill
RE: postscreen test
I like turpis
http://en.wiktionary.org/wiki/turpis
Latin
[edit] Adjective
turpis m. and f., turpe n.; third declension
1. ugly, unsightly; foul, filthy
2. (of sound) cacophonous, disagreeable
3. (figuratively) base, infamous, scandalous, dishonorable, shameful, disgraceful
Or modified as postturpis
Michael Goodman
Senior System Administrator
Re: postscreen test
Along that theme: doorman? bouncer? examiner? customs? patrol?
G.
Re: postscreen test
I like prefix too; that Ralf is very clever. postfix/postprefix might
twist one's mind.
Or, go biblical: postsmite. ;-)
Good fun.
Re: postscreen test
Possible substitutes include concierge or valet, or perhaps any of the
less specific guard, sentry, sentinel, ...
-Rob
Re: postscreen test
I think "sentry" is short, and simple, and can even be thought of as a
contraction of "smtp" and "entry". A bit less corny than "prefix" IMHO
(sorry Patrick, nothing personal).
Re: postscreen test
Victor Duchovni:
"sentry" is good.
In a similar class is "triage", which I mention in the postscreen
manpage at http://www.postfix.org/postscreen.8.html
Wietse
Re: postscreen test
* Wietse Venema :
Two more names:
refuse
drop(down)
I am very much in favor of greek or latin mythology, but I think prefix and
both words above are more in the tradition of describing what the program does
e.g. pickup, cleanup, tlsmgr etc. which I actually like very much about
Postfix naming convention.
p@rick
Re: postscreen test
"screener", then.
Oh, wait ...
but then, there is also "anvil"
J.L.
Re: postscreen test
"Anvil" is a name I always liked for a Postfix daemon, and I was also
thinking that building on that theme would be a good idea. However, I'm
not clever enough to come up with an example. "Vise" was all that I
could come up with.
-Mike
Re: postscreen test
Winnow from winnowing.
Re: postscreen test
Wietse Venema schrieb:
sentry is used by lots of other things
http://en.wikipedia.org/wiki/Sentry
Re: postscreen test
Zitat von Victor Duchovni :
I too would prefare something you can "easy" search for. The word
"prefix" would be to broad in use IMHO.
Regards
Andreas
Re: postscreen test
* Victor Duchovni :
Not too bad.
Re: postscreen test
+1 for sentry.
Re: postscreen test
What about an name like "trooper"?
This is in reference to:
a) A police officer with their radar guns catching speeders
b) A soldier on the front line of battle
Re: postscreen test
* Wietse Venema <<...> at porcupine dot org>:
"prefix"? It fixes things before they become a problem...
p@rick
Re: postscreen test
Cute, but it does not start with "post", and the existing utilities
all do, breaking the pattern makes it less obvious which commands
are likely to be Postfix utilities...
Re: postscreen test
Ok, so how about 'postfix'?
Sorry, couldn't resist...
Re: postscreen test
In all seriousness, I think prefix is the only choice now. Guess
Patrick wins a free update to 2.7 :)
Re: postscreen test
Victor Duchovni:
Postfix daemon names don't start with "post". The name "postscreen"
is used only because I had to get this up and running in very little
time so that I would have some results.
Wietse
Re: postscreen test
Oops, you are right of course, this lives in the libexec namespace,
never mind...
Re: postscreen test
Great name! I like it!
Terry
Re: postscreen test
+1
- --
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN