
Re: postscreen question

  • Wietse Venema
    Message 1 of 5 , Jan 1, 2011
      Christian Roessner:
      > Hi,
      >
      > do you have nearer information on this:
      >
      > Jan 1 06:35:00 mx postfix/postscreen[5599]: close database /var/lib/postfix/ps_cache.db: No such file or directory (possible Berkeley DB bug)

      Citing from the Postfix dict_db.c module:

      /*
       * With some Berkeley DB implementations, close fails with a bogus ENOENT
       * error, while it reports no errors with put+sync, no errors with
       * del+sync, and no errors with the sync operation just before this
       * comment. This happens in programs that never fork and that never share
       * the database with other processes. The bogus close error has been
       * reported for programs that use the first/next iterator. Instead of
       * making Postfix look bad because it reports errors that other programs
       * ignore, I'm going to report the bogus error as a non-error.
       */
      if (DICT_DB_CLOSE(dict_db->db) < 0)
          msg_info("close database %s: %m (possible Berkeley DB bug)",
                   dict_db->dict.name);

      If this bothers you, think about all the programs that silently
      ignore errors.

      Wietse
    • Lynn Dobbs
      Message 2 of 5 , Aug 7, 2013
        I've read the postscreen man page and the "Postfix Postscreen Howto" and
        I'm left with one question.

        Is it possible to limit postscreen to a particular ip:port like smtpd?
        Like this:

        my.public.ip.address:smtpd pass - - n - - smtpd


        The documentation, as far as I can tell, does not explicitly say it can
        be done but gives me the feeling that it can't (shouldn't?) be done. I
        would much rather use postscreen over the greylisting (gld-ng) that I'm
        using now.

        --

        Lynn Dobbs
        Chief Technical Officer
        CreditLink Corporation
      • Wietse Venema
        Message 3 of 5 , Aug 7, 2013
          Lynn Dobbs:
          > I've read the postscreen man page and the "Postfix Postscreen Howto" and
          > I'm left with one question.
          >
          > Is it possible to limit postscreen to a particular ip:port like smtpd?
          > Like this:
          >
          > my.public.ip.address:smtpd pass - - n - - smtpd

          Yes.

          >
          > The documentation, as far as I can tell, does not explicitly say it can
          > be done but gives me the feeling that it can't (shouldn't?) be done. I

          The relevant manpage is master(5).

          Wietse
        • /dev/rob0
          Message 4 of 5 , Aug 7, 2013
            On Wed, Aug 07, 2013 at 09:58:12AM -0700, Lynn Dobbs wrote:
            > I've read the postscreen man page and the "Postfix Postscreen
            > Howto" and I'm left with one question.
            >
            > Is it possible to limit postscreen to a particular ip:port like
            > smtpd? Like this:
            >
            > my.public.ip.address:smtpd pass - - n - - smtpd

            Yes, but the first "smtpd" should be a name from services(5), here
            being "smtp" to indicate TCP port 25.

            > The documentation, as far as I can tell, does not explicitly
            > say it can be done but gives me the feeling that it can't
            > (shouldn't?) be done. I would much rather use postscreen over
            > the greylisting (gld-ng) that I'm using now.

            I think the master(5) manual is reasonably explicit in defining the
            fields and how they are used. See "Service name" and "Service type"
            "inet".

            It's probably not that unusual to want postscreen only on one IP
            address. For example, many older sites are still providing MSA
            service on port 25. You definitely do not want to put user MUAs
            through postscreen.
            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
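
The point made in the thread (an inet entry's service name is host:port, with the port a number or a services(5) name, and postscreen can sit on one address while smtpd serves another) can be checked mechanically. The following is an added example, not part of the original messages and not Postfix code; the master.cf sample, the documentation addresses, the SERVICES table and the function names are all assumptions made for illustration.

```python
# Added example, not Postfix code. Addresses are RFC 5737 documentation
# addresses; SERVICES is a constructed stand-in for services(5).
SERVICES = {"smtp": 25, "submission": 587}

SAMPLE_MASTER_CF = """\
# constructed sample: postscreen on one address, plain smtpd on another
192.0.2.10:smtp        inet  n  -  n  -  1  postscreen
smtpd                  pass  -  -  n  -  -  smtpd
192.0.2.11:smtp        inet  n  -  n  -  -  smtpd
192.0.2.11:submission  inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
192.0.2.12:smtpd       inet  n  -  n  -  1  postscreen
"""

def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def inet_listeners(text):
    """Return (host, port, command, problem) for every inet service entry."""
    result = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue  # unix, pass, fifo entries are not network listeners
        name, command = fields[0], fields[7]
        host, _, port = name.rpartition(":")  # host part is optional
        problem = None
        if not port.isdigit() and port not in SERVICES:
            problem = f"port '{port}' is not a number or a services(5) name"
        result.append((host or "*", port, command, problem))
    return result

def screened(text):
    """Endpoints whose incoming connections are handled by postscreen."""
    return [f"{h}:{p}" for h, p, cmd, prob in inet_listeners(text)
            if cmd == "postscreen" and prob is None]

if __name__ == "__main__":
    for entry in inet_listeners(SAMPLE_MASTER_CF):
        print(entry)
    print("behind postscreen:", screened(SAMPLE_MASTER_CF))
```

The last sample entry repeats the "smtpd" port name from the question and is reported as a problem, while 192.0.2.11 (where MUAs would submit mail) stays outside postscreen.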