- Sep 13, 2010Postscreen is a single Postfix 2.8 daemon that keeps spambots away
from Postfix SMTP server processes, so that more Postfix server
resources remain available for handling mail. It will hopefully
become part of the next stable Postfix release.
After adding DNSBL weights and filters two weeks ago, I rewrote
the remainder of postscreen in the past 1+ week, and spent the past
several days updating documentation so that people can actually
use this thing. The re-born postscreen has been running on several
sites since the beginning of the weekend.
Postscreen now has a built-in SMTP protocol engine that allows it
to log the helo/sender/recipient of rejected mail. With a few good
DNSBL lists, this can dramatically reduce the load on Postfix SMTP
servers (blocking mail without logging is not an option for everyone).
One cautionary note: postscreen is meant to handle mail from MTAs
not end-user clients. Its protocol tests are safe for properly-
implemented MTAs, but they have not been tested with end-user
systems. Of course end-user systems should connect to the submission
port, not the port 25 that postscreen listens on...
for an overview, configuration information and more.
The last code drop was postfix-2.8-20100913, which is the same code
as snapshot 20100912, but with a bunch of minor documentation fixes.
Be sure to review the RELEASE_NOTES file if you are upgrading from
an older postscreen version - the DNSBL implementation now reveals
the DNSBL domain name in SMTP replies, so it needs to be censored
to avoid disclosing ZEN etc. passwords.
- Next post in topic >>