Loading ...
Sorry, an error occurred while loading the content.

Re: postscreen: refresh of stored entries?

Expand Messages
  • Wietse Venema
    ... Currently the time stamp says when the IP address passed the tests. If the time stamp is updated without passing a test, then I don t understand what the
    Message 1 of 2 , Dec 30, 2009
    • 0 Attachment
      Stefan Foerster:
      > from /var/log/mail.log:
      > Dec 31 01:49:47 nemea postfix/postscreen[2994]: PASS OLD 168.100.1.4
      >
      > # postmap -q 168.100.1.4 btree:/var/lib/postfix/ps_cache
      > 1262188493
      >
      > # date --date "Dec 31 01:49:47" "+%s"
      > 1262220587
      >
      > # echo $(((1262220587-1262188493)/3600))
      > 8
      >
      > If a client that has passed postscreen in the past connects again,
      > should the timestamp stored in $postscreen_cache_map be updated?

      Currently the time stamp says when the IP address passed the tests.

      If the time stamp is updated without passing a test, then I don't
      understand what the time stamp means: something passed a test,
      maybe weeks or perhaps months ago?

      I also don't understand what the problem is with repeating a test
      once after 24 hours.

      Wietse

      > For
      > legitimate clients, this would avoid a delay and/or DNS lookups
      > every $postscreen_cache_retention_time. OTOH, if a non-legitimate
      > client somehow gets to use the IP address of a sender previously added
      > to the database, we lose our first line of defense. Small gain, big
      > potential risk?
      >
      >
      > Stefan^:wq
      >
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.